Default Credential Vulnerability in Philips Medical Imaging Products
CVE-2018-17906

8.8HIGH

Key Information:

Vendor: Philips
Status: Philips Isite And Intellispace Pacs
Vendor: CVE Published:; 19 November 2018

Summary

The vulnerability in Philips iSite and IntelliSpace PACS exposes these medical imaging systems to potential unauthorized access due to the use of default credentials and insufficient authentication mechanisms in third-party software components. This flaw can allow malicious actors to exploit these weaknesses, compromising the integrity and confidentiality of sensitive patient data. Users are advised to update their systems and implement stronger authentication protocols to mitigate risks associated with this vulnerability.

Affected Version(s)

Philips iSite and IntelliSpace PACS iSite PACS, all versions, and IntelliSpace PACS, all versions.

References

https://ics-cert.us-cert.gov/advisories/ICSMA-18-312-01

x_refsource_MISC

http://www.securityfocus.com/bid/105875

vdb-entryx_refsource_BID

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 19, 2018
Vulnerability Reserved
Oct 2, 2018