Skip to main content

Pagewriter Tc70 Firmware CVE-2018-14799

LOW
Improper Input Validation (CWE-20)
2018-08-22 ics-cert@hq.dhs.gov
3.7
CVSS 3.0 · NVD

Severity by source

NVD PRIMARY
3.7 LOW
AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

1
CVE Published
Aug 22, 2018 - 18:29 nvd
LOW 3.7

DescriptionNVD

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.

AnalysisAI

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. Rated low severity (CVSS 3.7), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities. Affected products include: Philips Pagewriter Tc70 Firmware, Philips Pagewriter Tc50 Firmware, Philips Pagewriter Tc30 Firmware, Philips Pagewriter Tc20 Firmware, Philips Pagewriter Tc10 Firmware.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

Share

CVE-2018-14799 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy