Fixed Credentials Vulnerability in Philips Brilliance CT Software
CVE-2018-8857

7.8HIGH

Key Information:

Vendor
Philips
Status
Brilliance Ct Scanners
Vendor
CVE Published:
4 May 2018

Summary

The Philips Brilliance CT software, including versions of Brilliance 64, iCT, iCT SP, and CT Big Bore, exhibits a significant security flaw due to the use of fixed credentials like passwords or cryptographic keys. This vulnerability allows an attacker to exploit these hardcoded credentials, potentially leading to unauthorized access to the system. Such access could enable breaches of inbound authentication processes, interception of outbound communications to external components, or compromise the encryption of sensitive internal data.

Affected Version(s)

Brilliance CT Scanners Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior.

References

https://www.usa.philips.com/healthcare/about/customer-sup...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104088
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.