CVE-2018-14801

EUVD-2018-6685
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.2 MEDIUM
PHYSICAL
LOW
HIGH
CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Affected Products (NVD)
VendorProductVersion
philipspagewriter_tc70_firmware
-
philipspagewriter_tc50_firmware
-
philipspagewriter_tc30_firmware
-
philipspagewriter_tc20_firmware
-
philipspagewriter_tc10_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105103
https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01
https://www.usa.philips.com/healthcare/about/customer-support/product-security
http://www.securityfocus.com/bid/105103
https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01
https://www.usa.philips.com/healthcare/about/customer-support/product-security