Sign-up

ID

VAR-201803-1809


CVE

CVE-2018-5474


TITLE

Philips Intellispace Portal Input validation vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-003332 // CNNVD: CNNVD-201803-772

DESCRIPTION

Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash. Philips Intellispace Portal Contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Philips Intellispace Portal can process clinical images from different modes and enables advanced visualization of the images. ISP systems are deployed in the healthcare and public health sectors. Philips Intellispace Portal is prone to the following security vulnerabilities. 1. A remote code-execution vulnerability 2. Multiple privilege-escalation vulnerabilities 3. This may lead to complete compromise of the device. Intellispace Portal versions 8.0.x and 7.0.x are vulnerable. The system provides viewing of echographic images and a single point of access for physicians

Trust: 2.52

sources: NVD: CVE-2018-5474 // JVNDB: JVNDB-2018-003332 // CNVD: CNVD-2018-03812 // BID: 103182 // VULHUB: VHN-135505

AFFECTED PRODUCTS

vendor:philipsmodel:intellispace portalscope:eqversion:8.0

Trust: 1.9

vendor:philipsmodel:intellispace portalscope:eqversion:9.0

Trust: 1.6

vendor:philipsmodel:intellispace portalscope:eqversion:8.0.x

Trust: 1.4

vendor:philipsmodel:intellispace portalscope:eqversion:7.0.x

Trust: 1.4

vendor:philipsmodel:intellispace portalscope:eqversion:7.0

Trust: 0.3

sources: CNVD: CNVD-2018-03812 // BID: 103182 // JVNDB: JVNDB-2018-003332 // CNNVD: CNNVD-201803-772 // NVD: CVE-2018-5474

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5474
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5474
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-03812
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-772
value: CRITICAL

Trust: 0.6

VULHUB: VHN-135505
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5474
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-03812
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-135505
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5474
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-03812 // VULHUB: VHN-135505 // JVNDB: JVNDB-2018-003332 // CNNVD: CNNVD-201803-772 // NVD: CVE-2018-5474

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-135505 // JVNDB: JVNDB-2018-003332 // NVD: CVE-2018-5474

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-772

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-201803-772

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003332

PATCH
title:Philips IntelliSpace Portal Vulnerabilities (26-FEB-2018)url:https://www.usa.philips.com/healthcare/about/customer-support/product-security
Trust: 0.8
title:Patch for Philips Intellispace Portal Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/119263
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-03812 // 
            
            
            
            JVNDB: JVNDB-2018-003332

EXTERNAL IDS
db:NVDid:CVE-2018-5474
Trust: 3.4
db:ICS CERTid:ICSMA-18-058-02
Trust: 3.4
db:BIDid:103182
Trust: 2.0
db:JVNDBid:JVNDB-2018-003332
Trust: 0.8
db:CNVDid:CNVD-2018-03812
Trust: 0.6
db:CNNVDid:CNNVD-201803-772
Trust: 0.6
db:VULHUBid:VHN-135505
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-03812 // 
            
            
            
            VULHUB: VHN-135505 // 
            
            
            
            BID: 103182 // 
            
            
            
            JVNDB: JVNDB-2018-003332 // 
            
            
            
            CNNVD: CNNVD-201803-772 // 
            
            
            
            NVD: CVE-2018-5474

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsma-18-058-02
Trust: 3.4
url:http://www.securityfocus.com/bid/103182
Trust: 1.7
url:https://www.usa.philips.com/healthcare/about/customer-support/product-security
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5474
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-5474
Trust: 0.8
url:http://www.usa.philips.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2018-03812 // 
            
            
            
            VULHUB: VHN-135505 // 
            
            
            
            BID: 103182 // 
            
            
            
            JVNDB: JVNDB-2018-003332 // 
            
            
            
            CNNVD: CNNVD-201803-772 // 
            
            
            
            NVD: CVE-2018-5474

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 103182

SOURCES
db:CNVDid:CNVD-2018-03812
db:VULHUBid:VHN-135505
db:BIDid:103182
db:JVNDBid:JVNDB-2018-003332
db:CNNVDid:CNNVD-201803-772
db:NVDid:CVE-2018-5474

LAST UPDATE DATE
2024-08-14T12:23:44.874000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-03812date:2018-02-28T00:00:00
db:VULHUBid:VHN-135505date:2019-10-09T00:00:00
db:BIDid:103182date:2018-02-27T00:00:00
db:JVNDBid:JVNDB-2018-003332date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-772date:2019-10-17T00:00:00
db:NVDid:CVE-2018-5474date:2019-10-09T23:41:26.610

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-03812date:2018-02-28T00:00:00
db:VULHUBid:VHN-135505date:2018-03-26T00:00:00
db:BIDid:103182date:2018-02-27T00:00:00
db:JVNDBid:JVNDB-2018-003332date:2018-05-22T00:00:00
db:CNNVDid:CNNVD-201803-772date:2018-03-22T00:00:00
db:NVDid:CVE-2018-5474date:2018-03-26T14:29:00.713