Vulnerabilities > CVE-2018-10597 - Out-of-bounds Write vulnerability in Philips products

CVSS 8.3 - HIGH

Attack vector

ADJACENT_NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

high complexity

philips

CWE-787

NVD

Published: 2018-06-05

Updated: 2021-05-10

Summary

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.

Vulnerable Configurations

Part	Description	Count
OS	Philips Philips Intellivue MP2 Firmware - Philips Intellivue X2 Firmware - Philips Intellivue Mp30 Firmware - Philips Intellivue Mp50 Firmware - Philips Intellivue Mp70 Firmware - Philips Intellivue Np90 Firmware - Philips Intellivue Mx700 Firmware - Philips Intellivue Mx800 Firmware - Philips Intellivue Mx400 Firmware - Philips Intellivue Mx450 Firmware - Philips Intellivue Mx500 Firmware - Philips Intellivue Mx550 Firmware - Philips Intellivue X3 Firmware - Philips Intellivue Mx100 Firmware - Philips Avalon Fetal/Maternal Monitors Fm20 Firmware - Philips Avalon Fetal/Maternal Monitors Fm30 Firmware - Philips Avalon Fetal/Maternal Monitors Fm40 Firmware - Philips Avalon Fetal/Maternal Monitors Fm50 Firmware -	18
Hardware	Philips Philips Intellivue MP2 - Philips Intellivue X2 - Philips Intellivue Mp30 - Philips Intellivue Mp50 - Philips Intellivue Mp70 - Philips Intellivue Np90 - Philips Intellivue Mx700 - Philips Intellivue Mx800 - Philips Intellivue Mx400 - Philips Intellivue Mx450 - Philips Intellivue Mx500 - Philips Intellivue Mx550 - Philips Intellivue X3 - Philips Intellivue Mx100 - Philips Avalon Fetal/Maternal Monitors Fm20 - Philips Avalon Fetal/Maternal Monitors Fm30 - Philips Avalon Fetal/Maternal Monitors Fm40 - Philips Avalon Fetal/Maternal Monitors Fm50 -	18

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01