CVE-2018-14789

In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
icscertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
philipsintellispace_cardiovascular
𝑥
≤ 3.1
philipsxcelera
𝑥
≤ 4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01
https://www.usa.philips.com/healthcare/about/customer-support/product-security
https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01
https://www.usa.philips.com/healthcare/about/customer-support/product-security