CVE-2018-14787
N/A
N/A
Summary
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Philips | IntelliSpace Cardiovascular (ISCV) products | IntelliSpace Cardiovascular, Version 3.1 or prior | affected |
| Philips | IntelliSpace Cardiovascular (ISCV) products | Xcelera Version 4.1 or prior | affected |
Weaknesses
- CWE-269: IMPROPER PRIVILEGE MANAGEMENT CWE-269
ADP Enrichment
CVE Program Container
Additional References
- https://www.usa.philips.com/healthcare/about/customer-support/product-security
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01
References
- https://www.usa.philips.com/healthcare/about/customer-support/product-security
- https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.