Vulnerability Details : CVE-2018-10599
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2018-10599
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 28 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-10599
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.9
|
LOW | AV:A/AC:M/Au:N/C:P/I:N/A:N |
5.5
|
2.9
|
NIST |
5.3
|
MEDIUM | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
1.6
|
3.6
|
NIST |
CWE ids for CVE-2018-10599
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2018-10599
-
https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01
Philips' IntelliVue Patient and Avalon Fetal Monitors | CISAThird Party Advisory;US Government Resource
Products affected by CVE-2018-10599
- cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm20_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm30_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm40_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:avalon_fetal\/maternal_monitors_fm50_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_mx100_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_mx400_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_x3_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_mx800_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_mx700_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_mx550_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_np90_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_mx450_firmware:-:*:*:*:*:*:*:*
- cpe:2.3:o:philips:intellivue_mx500_firmware:-:*:*:*:*:*:*:*