Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-10601

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.

Published

2018-06-05T20:29:00.903

Last Modified

2024-11-21T03:41:38.507

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.2 (HIGH)

CVSSv2 Vector

AV:A/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: ADJACENT_NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

5.5

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-121
  • Type: Primary
    CWE-787
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System philips intellivue_mp2_firmware - Yes
Hardware philips intellivue_mp2 - No
Operating System philips intellivue_x2_firmware - Yes
Hardware philips intellivue_x2 - No
Operating System philips intellivue_mp30_firmware - Yes
Hardware philips intellivue_mp30 - No
Operating System philips intellivue_mp50_firmware - Yes
Hardware philips intellivue_mp50 - No
Operating System philips intellivue_mp70_firmware - Yes
Hardware philips intellivue_mp70 - No
Operating System philips intellivue_np90_firmware - Yes
Hardware philips intellivue_np90 - No
Operating System philips intellivue_mx700_firmware - Yes
Hardware philips intellivue_mx700 - No
Operating System philips intellivue_mx800_firmware - Yes
Hardware philips intellivue_mx800 - No
Operating System philips intellivue_mx400_firmware - Yes
Hardware philips intellivue_mx400 - No
Operating System philips intellivue_mx450_firmware - Yes
Hardware philips intellivue_mx450 - No
Operating System philips intellivue_mx500_firmware - Yes
Hardware philips intellivue_mx500 - No
Operating System philips intellivue_mx550_firmware - Yes
Hardware philips intellivue_mx550 - No
Operating System philips intellivue_x3_firmware - Yes
Hardware philips intellivue_x3 - No
Operating System philips intellivue_mx100_firmware - Yes
Hardware philips intellivue_mx100 - No
Operating System philips avalon_fetal\/maternal_monitors_fm20_firmware - Yes
Hardware philips avalon_fetal\/maternal_monitors_fm20 - No
Operating System philips avalon_fetal\/maternal_monitors_fm30_firmware - Yes
Hardware philips avalon_fetal\/maternal_monitors_fm30 - No
Operating System philips avalon_fetal\/maternal_monitors_fm40_firmware - Yes
Hardware philips avalon_fetal\/maternal_monitors_fm40 - No
Operating System philips avalon_fetal\/maternal_monitors_fm50_firmware - Yes
Hardware philips avalon_fetal\/maternal_monitors_fm50 - No
References