CVE-2019-13530
Severity CVSS v4.0:
Pending analysis
Type:
CWE-798
Use of Hard-coded Credentials
Publication date:
12/09/2019
Last modified:
09/10/2019
Description
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware.
Impact
Base Score 3.x
7.20
Severity 3.x
HIGH
Base Score 2.0
6.50
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:philips:intellivue_mp_monitors_mp20-mp90_firmware:a.03.09:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:m80010a:a:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:m8001a:a:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:m8002a:a:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:m8003a:a:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:m8004a:a:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:m8005a:a:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:m8007a:a:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:m8008a:a:*:*:*:*:*:*:* | ||
| cpe:2.3:o:philips:intellivue_mp_monitors_mp5\/5sc_firmware:a.03.09:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:m8105a:a:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:m8105as:a:*:*:*:*:*:*:* | ||
| cpe:2.3:o:philips:intellivue_mp_monitors_mp2\/x2_firmware:a01.09:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:m3002a:b:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:m8102a:b:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page