CVE-2018-14801

In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.
References
Link Resource
https://www.usa.philips.com/healthcare/about/customer-support/product-security Vendor Advisory
https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01 Third Party Advisory US Government Resource VDB Entry
http://www.securityfocus.com/bid/105103 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:philips:pagewriter_tc70_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:pagewriter_tc70:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:philips:pagewriter_tc50_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:pagewriter_tc50:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:philips:pagewriter_tc30_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:pagewriter_tc30:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:philips:pagewriter_tc20_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:pagewriter_tc20:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:philips:pagewriter_tc10_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:philips:pagewriter_tc10:-:*:*:*:*:*:*:*

Information

Published : 2018-08-22 11:29

Updated : 2019-10-09 16:35


NVD link : CVE-2018-14801

Mitre link : CVE-2018-14801


JSON object : View

CWE
CWE-798

Use of Hard-coded Credentials

Advertisement

dedicated server usa

Products Affected

philips

  • pagewriter_tc20
  • pagewriter_tc30_firmware
  • pagewriter_tc20_firmware
  • pagewriter_tc10
  • pagewriter_tc30
  • pagewriter_tc70
  • pagewriter_tc10_firmware
  • pagewriter_tc50
  • pagewriter_tc70_firmware
  • pagewriter_tc50_firmware