Unauthorized Access Vulnerability in Philips Brilliance CT Kiosk Environment
CVE-2018-8861

8.7HIGH

Key Information:

Vendor
Philips
Status
Brilliance Ct Scanners
Vendor
CVE Published:
4 May 2018

Summary

The Philips Brilliance CT kiosk environment contains vulnerabilities that allow limited-access kiosk users or unauthorized attackers to escape the kiosk's controlled environment. This security flaw enables potentially malicious actors to gain elevated privileges within the underlying Windows operating system, leading to unauthorized access to sensitive resources. The issue affects multiple versions of Philips Brilliance products, making it crucial for users to ensure their systems are updated with the latest security patches and to remain vigilant against potential exploitation.

Affected Version(s)

Brilliance CT Scanners Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior.

References

https://www.usa.philips.com/healthcare/about/customer-sup...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104088
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSMA-18-123-01
x_refsource_MISC

CVSS V3.1

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.