FTP Credentials Vulnerability in Philips IntelliVue WLAN Portable Patient Monitors
CVE-2019-13530

7.2HIGH

Key Information:

Vendor: Philips
Status: Philips Intellivue Wlan, Portable Patient Monitors
Vendor: CVE Published:; 12 September 2019

Summary

The Philips IntelliVue WLAN portable patient monitors have a vulnerability that allows an attacker to exploit weak FTP credentials. This issue permits unauthorized access, enabling an attacker to log in and potentially upload malicious firmware. The affected versions include WLAN Version A with Firmware A.03.09 and WLAN Version B with Firmware A.01.09. It is essential for users of these devices to apply recommended security practices to mitigate potential risks.

Affected Version(s)

Philips IntelliVue WLAN, portable patient monitors = WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C)

References

https://www.us-cert.gov/ics/advisories/icsma-19-255-01

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 12, 2019
Vulnerability Reserved
Jul 11, 2019