Unauthorized Privilege Escalation in Philips Brilliance CT Devices
CVE-2018-8853

8.8HIGH

Key Information:

Vendor

Philips
Status
Brilliance Ct Scanners
Vendor
CVE Published:
4 May 2018

What is CVE-2018-8853?

Philips Brilliance CT devices, which operate user functions within a secure kiosk environment on Microsoft Windows, are affected by a flaw that allows unauthorized users to gain elevated privileges. This vulnerability exists due to the default settings of the Windows operating system, which boots with elevated privileges. As a result, malicious actors could exploit this weakness to access restricted features or underlying resources, significantly compromising the security of the devices and patient data.

Affected Version(s)

Brilliance CT Scanners Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior.

References

https://www.usa.philips.com/healthcare/about/customer-sup...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104088
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.