Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-14801

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.

Published

2018-08-22T18:29:00.650

Last Modified

2024-11-21T03:49:49.447

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.2 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Secondary
    CWE-798
  • Type: Primary
    CWE-798
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System philips pagewriter_tc70_firmware - Yes
Hardware philips pagewriter_tc70 - No
Operating System philips pagewriter_tc50_firmware - Yes
Hardware philips pagewriter_tc50 - No
Operating System philips pagewriter_tc30_firmware - Yes
Hardware philips pagewriter_tc30 - No
Operating System philips pagewriter_tc20_firmware - Yes
Hardware philips pagewriter_tc20 - No
Operating System philips pagewriter_tc10_firmware - Yes
Hardware philips pagewriter_tc10 - No
References