Hard-Coded Cryptographic Key Vulnerability in Philips e-Alert Unit Software
CVE-2018-8856

9.8CRITICAL

Key Information:

Vendor

Philips
Status
E-alert Unit (non-medical Device)
Vendor
CVE Published:
26 September 2018

What is CVE-2018-8856?

The Philips e-Alert Unit software version R2.1 and earlier has a vulnerability that stems from the use of hard-coded cryptographic keys, which can compromise the encryption of internal data stored within the device. This can potentially allow unauthorized access to sensitive information, putting user data at risk. Users of affected versions should take immediate action to remediate this issue by updating to the latest version available.

Affected Version(s)

e-Alert Unit (non-medical device) R2.1 and prior

References

https://www.usa.philips.com/healthcare/about/customer-sup...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/105194
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.