Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-14799

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.

Published

2018-08-22T18:29:00.543

Last Modified

2024-11-21T03:49:49.167

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 3.7 (LOW)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.9

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    CWE-119
    CWE-134
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System philips pagewriter_tc70_firmware - Yes
Hardware philips pagewriter_tc70 - No
Operating System philips pagewriter_tc50_firmware - Yes
Hardware philips pagewriter_tc50 - No
Operating System philips pagewriter_tc30_firmware - Yes
Hardware philips pagewriter_tc30 - No
Operating System philips pagewriter_tc20_firmware - Yes
Hardware philips pagewriter_tc20 - No
Operating System philips pagewriter_tc10_firmware - Yes
Hardware philips pagewriter_tc10 - No
References