Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-8857

Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system.

Published

2018-05-04T17:29:00.503

Last Modified

2024-11-21T04:14:27.937

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Secondary
CWE-798
Type: Primary
CWE-798

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	philips	brilliance_firmware_64	≤ 2.6.2	Yes
Hardware	philips	brilliance_64	-	No
Operating System	philips	brilliance_ict_sp_firmware	≤ 3.2.4	Yes
Hardware	philips	brilliance_ict_sp	-	No
Operating System	philips	brilliance_ict_firmware	≤ 4.1.6	Yes
Hardware	philips	brilliance_ict	-	No
Operating System	philips	_brilliance_ct_big_bore_firmware	≤ 2.3.5	Yes
Hardware	philips	_brilliance_ct_big_bore	-	No

References

http://www.securityfocus.com/bid/104088 Third Party Advisory, VDB Entry ([email protected])
https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01 Third Party Advisory, US Government Resource ([email protected])
https://www.usa.philips.com/healthcare/about/customer-support/product-security Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/104088 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01 Third Party Advisory, US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
https://www.usa.philips.com/healthcare/about/customer-support/product-security Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)