CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
38.1%
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory (“write-what-where”) from an attacker-chosen device address within the same subnet.
Vendor | Product | Version | CPE |
---|---|---|---|
philips | intellivue_mp2_firmware | - | cpe:2.3:o:philips:intellivue_mp2_firmware:-:*:*:*:*:*:*:* |
philips | intellivue_mp2 | - | cpe:2.3:h:philips:intellivue_mp2:-:*:*:*:*:*:*:* |
philips | intellivue_x2_firmware | - | cpe:2.3:o:philips:intellivue_x2_firmware:-:*:*:*:*:*:*:* |
philips | intellivue_x2 | - | cpe:2.3:h:philips:intellivue_x2:-:*:*:*:*:*:*:* |
philips | intellivue_mp30_firmware | - | cpe:2.3:o:philips:intellivue_mp30_firmware:-:*:*:*:*:*:*:* |
philips | intellivue_mp30 | - | cpe:2.3:h:philips:intellivue_mp30:-:*:*:*:*:*:*:* |
philips | intellivue_mp50_firmware | - | cpe:2.3:o:philips:intellivue_mp50_firmware:-:*:*:*:*:*:*:* |
philips | intellivue_mp50 | - | cpe:2.3:h:philips:intellivue_mp50:-:*:*:*:*:*:*:* |
philips | intellivue_mp70_firmware | - | cpe:2.3:o:philips:intellivue_mp70_firmware:-:*:*:*:*:*:*:* |
philips | intellivue_mp70 | - | cpe:2.3:h:philips:intellivue_mp70:-:*:*:*:*:*:*:* |
[
{
"product": "IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors",
"vendor": "ICS-CERT",
"versions": [
{
"status": "affected",
"version": "The following IntelliVue Patient Monitors versions are affected: IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, and IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only). The following Avalon Fetal/Maternal Monitors versions are affected: Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3"
}
]
}
]
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
38.1%