CVE-2018-10601
Severity CVSS v4.0: Pending analysis
Type: CWE-787 Out-of-bounds Write
Publication date: 05/06/2018
Last modified: 10/05/2021
Description
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 expose an "echo" service in which a buffer sent by an attacker to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, resulting in a stack overflow.
Impact
Base Score 3.x: 8.20
Severity 3.x: HIGH
Base Score 2.0: 5.40
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:intellivue_np90:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:* | ||
| cpe:2.3:h:philips:intellivue_mx700:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:* | ||
To consult the complete list of CPE names with products and versions, see this page



