Details of VAR-201806-0569

ID

VAR-201806-0569

CVE

CVE-2018-10599

TITLE

Philips IntelliVue Patient and Avalon Fetal Monitors Information Exposure Vulnerability

Trust: 0.8

sources: IVD: e2f46893-39ab-11e9-bddd-000c29342cb1 // CNVD: CNVD-2018-11995

DESCRIPTION

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet. plural Philips The product contains an information disclosure vulnerability.Information may be obtained. Philips IntelliVuePatientMonitorsMP2 and so on are all products of the Dutch company Philips. The Philips IntelliVuePatientMonitors MP2 is an MP series patient monitor device. The AvalonFetal/MaternalMonitorsFM20 is a maternal and child monitor device. There is an information disclosure vulnerability in PhilipsIntelliVuePatientandAvalonFetalMonitors. An attacker could exploit the vulnerability to read memory from its selected device address (within the same subnet). The following products and versions are affected: Philips IntelliVue Patient Monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 Rev. B to Rev. M; IntelliVue Patient Monitors MX400-550 Rev. J to Rev. M; X3/ MX100 M revision; Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 using F.0, G.0 and J.3 software revisions

Trust: 2.43

sources: NVD: CVE-2018-10599 // JVNDB: JVNDB-2018-006287 // CNVD: CNVD-2018-11995 // IVD: e2f46893-39ab-11e9-bddd-000c29342cb1 // VULHUB: VHN-120374

IOT TAXONOMY

category:	['ICS', 'Network device']	sub_category:	-	Trust: 0.6
category:	['ICS']	sub_category:	-	Trust: 0.2

sources: IVD: e2f46893-39ab-11e9-bddd-000c29342cb1 // CNVD: CNVD-2018-11995

AFFECTED PRODUCTS

vendor:	philips	model:	avalon fetal\/maternal monitors fm20	scope:	eq	version:	-	Trust: 1.6
vendor:	philips	model:	avalon fetal\/maternal monitors fm40	scope:	eq	version:	-	Trust: 1.6
vendor:	philips	model:	avalon fetal\/maternal monitors fm30	scope:	eq	version:	-	Trust: 1.6
vendor:	philips	model:	avalon fetal\/maternal monitors fm50	scope:	eq	version:	-	Trust: 1.6
vendor:	philips	model:	intellivue mx450	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mp30	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mp50	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue x2	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mx550	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mx800	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mp2	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mx700	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mp70	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mx500	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue x3	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mx400	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue np90	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	intellivue mx100	scope:	eq	version:	-	Trust: 1.0
vendor:	philips	model:	avalon fetal/maternal monitors fm20	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	avalon fetal/maternal monitors fm30	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	avalon fetal/maternal monitors fm40	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	avalon fetal/maternal monitors fm50	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors mp2	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors mp30	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors mp50	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors mp70	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors mx100	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors mx400	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors mx450	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors mx500	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors mx550	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors mx700	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors mx800	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors np90	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors x2	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	intellivue patient monitors x3	scope:	-	version:	-	Trust: 0.8
vendor:	philips	model:	avalon fetal/maternal monitors fm20/fm30/fm40/fm50 f.0	scope:	-	version:	-	Trust: 0.6
vendor:	philips	model:	avalon fetal/maternal monitors fm20/fm30/fm40/fm50 g.0	scope:	-	version:	-	Trust: 0.6
vendor:	philips	model:	avalon fetal/maternal monitors fm20/fm30/fm40/fm50 j.3	scope:	-	version:	-	Trust: 0.6
vendor:	philips	model:	intellivue patient monitors mx550	scope:	eq	version:	-	Trust: 0.6
vendor:	philips	model:	intellivue patient monitors mx700	scope:	eq	version:	-	Trust: 0.6
vendor:	philips	model:	intellivue patient monitors x3	scope:	eq	version:	-	Trust: 0.6
vendor:	philips	model:	intellivue patient monitors mx500	scope:	eq	version:	-	Trust: 0.6
vendor:	philips	model:	intellivue patient monitors mx100	scope:	eq	version:	-	Trust: 0.6
vendor:	philips	model:	intellivue patient monitors mx450	scope:	eq	version:	-	Trust: 0.6
vendor:	intellivue patient monitors mp2	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors mx450	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors mx500	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors mx550	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors x3	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors mx100	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	avalon fetal maternal monitors fm20	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	avalon fetal maternal monitors fm30	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	avalon fetal maternal monitors fm40	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	avalon fetal maternal monitors fm50	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors x2	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors mp30	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors mp50	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors mp70	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors np90	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors mx700	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors mx800	model:	-	scope:	eq	version:	-	Trust: 0.2
vendor:	intellivue patient monitors mx400	model:	-	scope:	eq	version:	-	Trust: 0.2

sources: IVD: e2f46893-39ab-11e9-bddd-000c29342cb1 // CNVD: CNVD-2018-11995 // JVNDB: JVNDB-2018-006287 // CNNVD: CNNVD-201806-304 // NVD: CVE-2018-10599

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-10599
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-10599
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-11995
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201806-304
value:	MEDIUM
Trust: 0.6
IVD:	e2f46893-39ab-11e9-bddd-000c29342cb1
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-120374
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-10599
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-11995
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.2
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2f46893-39ab-11e9-bddd-000c29342cb1
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:H/AU:N/C:C/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	HIGH
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.2
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-120374
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-10599
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.6
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: IVD: e2f46893-39ab-11e9-bddd-000c29342cb1 // CNVD: CNVD-2018-11995 // VULHUB: VHN-120374 // JVNDB: JVNDB-2018-006287 // CNNVD: CNNVD-201806-304 // NVD: CVE-2018-10599

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-120374 // JVNDB: JVNDB-2018-006287 // NVD: CVE-2018-10599

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201806-304

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201806-304

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006287

PATCH

title:	Top Page	url:	https://www.usa.philips.com/healthcare	Trust: 0.8
title:	PhilipsIntelliVuePatientandAvalonFetalMonitors information disclosure vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/132731	Trust: 0.6
title:	Multiple Philips Product information disclosure vulnerability repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80662	Trust: 0.6

sources: CNVD: CNVD-2018-11995 // JVNDB: JVNDB-2018-006287 // CNNVD: CNNVD-201806-304

EXTERNAL IDS

db:	NVD	id:	CVE-2018-10599	Trust: 3.3
db:	ICS CERT	id:	ICSMA-18-156-01	Trust: 3.1
db:	CNVD	id:	CNVD-2018-11995	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-304	Trust: 0.8
db:	JVNDB	id:	JVNDB-2018-006287	Trust: 0.8
db:	IVD	id:	E2F46893-39AB-11E9-BDDD-000C29342CB1	Trust: 0.2
db:	VULHUB	id:	VHN-120374	Trust: 0.1

sources: IVD: e2f46893-39ab-11e9-bddd-000c29342cb1 // CNVD: CNVD-2018-11995 // VULHUB: VHN-120374 // JVNDB: JVNDB-2018-006287 // CNNVD: CNNVD-201806-304 // NVD: CVE-2018-10599

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsma-18-156-01	Trust: 3.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10599	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-10599	Trust: 0.8

sources: CNVD: CNVD-2018-11995 // VULHUB: VHN-120374 // JVNDB: JVNDB-2018-006287 // CNNVD: CNNVD-201806-304 // NVD: CVE-2018-10599

SOURCES

db:	IVD	id:	e2f46893-39ab-11e9-bddd-000c29342cb1
db:	CNVD	id:	CNVD-2018-11995
db:	VULHUB	id:	VHN-120374
db:	JVNDB	id:	JVNDB-2018-006287
db:	CNNVD	id:	CNNVD-201806-304
db:	NVD	id:	CVE-2018-10599

LAST UPDATE DATE

2024-11-23T22:55:52.257000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-11995	date:	2018-06-25T00:00:00
db:	VULHUB	id:	VHN-120374	date:	2019-10-09T00:00:00
db:	JVNDB	id:	JVNDB-2018-006287	date:	2018-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201806-304	date:	2020-07-22T00:00:00
db:	NVD	id:	CVE-2018-10599	date:	2024-11-21T03:41:38.247

SOURCES RELEASE DATE

db:	IVD	id:	e2f46893-39ab-11e9-bddd-000c29342cb1	date:	2018-06-25T00:00:00
db:	CNVD	id:	CNVD-2018-11995	date:	2018-06-25T00:00:00
db:	VULHUB	id:	VHN-120374	date:	2018-06-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-006287	date:	2018-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201806-304	date:	2018-06-06T00:00:00
db:	NVD	id:	CVE-2018-10599	date:	2018-06-05T20:29:00.873