CVE-2018-10599 : IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monit

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet.

Published 2018-06-05 20:29:01

Updated 2021-05-10 15:08:12

Source ICS-CERT

View at NVD, CVE.org

Vulnerability category: Information leak

Exploit prediction scoring system (EPSS) score for CVE-2018-10599

Probability of exploitation activity in the next 30 days: 0.07%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 28 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2018-10599

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.9	LOW	AV:A/AC:M/Au:N/C:P/I:N/A:N	5.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None
5.3	MEDIUM	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	1.6	3.6	NIST
Attack Vector: Adjacent Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2018-10599

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2018-10599

https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01

Philips' IntelliVue Patient and Avalon Fetal Monitors | CISA
Third Party Advisory;US Government Resource

CVEs referencing this url

Products affected by CVE-2018-10599

Philips » Avalon Fetal/maternal Monitors Fm20 Firmware » Version: N/A
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Avalon Fetal/maternal Monitors Fm20 » Version: N/A
Philips » Avalon Fetal/maternal Monitors Fm30 Firmware » Version: N/A
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Avalon Fetal/maternal Monitors Fm30 » Version: N/A
Philips » Avalon Fetal/maternal Monitors Fm40 Firmware » Version: N/A
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Avalon Fetal/maternal Monitors Fm40 » Version: N/A
Philips » Avalon Fetal/maternal Monitors Fm50 Firmware » Version: N/A
cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Avalon Fetal/maternal Monitors Fm50 » Version: N/A
Philips » Intellivue Mx100 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue Mx100 » Version: N/A
Philips » Intellivue Mx400 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue Mx400 » Version: N/A
Philips » Intellivue X2 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue X2 » Version: N/A
Philips » Intellivue X3 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue X3 » Version: N/A
Philips » Intellivue Mx800 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue Mx800 » Version: N/A
Philips » Intellivue Mx700 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue Mx700 » Version: N/A
Philips » Intellivue Mx550 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue Mx550 » Version: N/A
Philips » Intellivue Mp2 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue Mp2 » Version: N/A
Philips » Intellivue Mp30 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue Mp30 » Version: N/A
Philips » Intellivue Mp50 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue Mp50 » Version: N/A
Philips » Intellivue Mp70 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue Mp70 » Version: N/A
Philips » Intellivue Np90 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue Np90 » Version: N/A
Philips » Intellivue Mx450 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue Mx450 » Version: N/A
Philips » Intellivue Mx500 Firmware » Version: N/A
cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » Intellivue Mx500 » Version: N/A

Vulnerability Details : CVE-2018-10599

Exploit prediction scoring system (EPSS) score for CVE-2018-10599

CVSS scores for CVE-2018-10599

CWE ids for CVE-2018-10599

References for CVE-2018-10599

Products affected by CVE-2018-10599