Permission Misconfiguration in Philips e-Alert Unit Software
CVE-2018-8848

7.5HIGH

Key Information:

Vendor

Philips
Status
E-alert Unit (non-medical Device)
Vendor
CVE Published:
26 September 2018

What is CVE-2018-8848?

The Philips e-Alert Unit software versions R2.1 and earlier are susceptible to a vulnerability that arises from improper permission settings during installation. This misconfiguration potentially allows unauthorized access to sensitive objects, which could be exploited by unintended actors, posing a significant security risk.

Affected Version(s)

e-Alert Unit (non-medical device) R2.1 and prior

References

https://www.usa.philips.com/healthcare/about/customer-sup...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/105194
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.