Identity Verification Flaw in Philips Alice 6 System
CVE-2018-5451

9.8CRITICAL

Key Information:

Vendor: Philips
Status: Philips Alice 6 System
Vendor: CVE Published:; 28 March 2018

Summary

The Philips Alice 6 System, in its R8.0.2 version and earlier, exhibits a significant weakness in its identity verification process. When an actor claims a specific identity, the software fails to properly validate this claim, potentially allowing unauthorized access to sensitive information or the ability to execute arbitrary commands. This vulnerability raises serious security concerns as it could lead to resources being exposed to unintended parties.

Affected Version(s)

Philips Alice 6 System Version R8.0.2 or prior.

References

https://ics-cert.us-cert.gov/advisories/ICSMA-18-086-01

x_refsource_MISC

http://www.securityfocus.com/bid/103537

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 28, 2018
Vulnerability Reserved
Jan 12, 2018