CVE-2019-13534 : Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.0

Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

Published 2019-09-12 20:15:12

Updated 2019-10-09 23:46:34

Source ICS-CERT

View at NVD, CVE.org

Products affected by CVE-2019-13534

Philips » Intellivue Mp Monitors Mp20-mp90 Firmware » Version: A.03.09
cpe:2.3:o:philips:intellivue_mp_monitors_mp20-mp90_firmware:a.03.09:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » M80010a » Version: A
When used together with: Philips » M8001a » Version: A
When used together with: Philips » M8002a » Version: A
When used together with: Philips » M8003a » Version: A
When used together with: Philips » M8004a » Version: A
When used together with: Philips » M8005a » Version: A
When used together with: Philips » M8007a » Version: A
When used together with: Philips » M8008a » Version: A
Philips » Intellivue Mp Monitors Mp5/5sc Firmware » Version: A.03.09
cpe:2.3:o:philips:intellivue_mp_monitors_mp5\/5sc_firmware:a.03.09:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » M8105a » Version: A
When used together with: Philips » M8105as » Version: A
Philips » Intellivue Mp Monitors Mp2/x2 Firmware » Version: A01.09
cpe:2.3:o:philips:intellivue_mp_monitors_mp2\/x2_firmware:a01.09:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » M3002a » Version: B
When used together with: Philips » M8102a » Version: B
Philips » Intellivue Mp Monitors Mx800/700/600 Firmware » Version: A.01.09
cpe:2.3:o:philips:intellivue_mp_monitors_mx800\/700\/600_firmware:a.01.09:*:*:*:*:*:*:*
Matching versions
When used together with: Philips » 865240 » Version: B
When used together with: Philips » 865241 » Version: B
When used together with: Philips » 865242 » Version: B

Exploit prediction scoring system (EPSS) score for CVE-2019-13534

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 28 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2019-13534

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	1.2	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2019-13534

CWE-494 Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)

References for CVE-2019-13534

https://www.us-cert.gov/ics/advisories/icsma-19-255-01

Philips IntelliVue WLAN | CISA
Mitigation;Third Party Advisory;US Government Resource

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2019-13534

Products affected by CVE-2019-13534

Exploit prediction scoring system (EPSS) score for CVE-2019-13534

CVSS scores for CVE-2019-13534

CWE ids for CVE-2019-13534

References for CVE-2019-13534