Lucene search

IcscertCVE-2018-8853

HistoryMay 04, 2018 - 5:29 p.m.

CVE-2018-8853

2018-05-0417:29:00

CWE-269

CWE-250

icscert

web.nvd.nist.gov

philips

brilliance ct

windows

unauthorized access

nvd

cve-2018-8853

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

21.1%

JSON

Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated privileges in Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior. Also, attackers may gain access to unauthorized resources from the underlying Windows operating system.

Affected configurations

Nvd

Node

philipsbrilliance_firmware_64Range≤2.6.2

AND

philipsbrilliance_64Match-

Node

philipsbrilliance_ict_sp_firmwareRange≤3.2.4

AND

philipsbrilliance_ict_spMatch-

Node

philipsbrilliance_ict_firmwareRange≤4.1.6

AND

philipsbrilliance_ictMatch-

Node

philips_brilliance_ct_big_bore_firmwareRange≤2.3.5

AND

philips_brilliance_ct_big_boreMatch-

VendorProductVersionCPE
philipsbrilliance_firmware_64*cpe:2.3:o:philips:brilliance_firmware_64:*:*:*:*:*:*:*:*
philipsbrilliance_64-cpe:2.3:h:philips:brilliance_64:-:*:*:*:*:*:*:*
philipsbrilliance_ict_sp_firmware*cpe:2.3:o:philips:brilliance_ict_sp_firmware:*:*:*:*:*:*:*:*
philipsbrilliance_ict_sp-cpe:2.3:h:philips:brilliance_ict_sp:-:*:*:*:*:*:*:*
philipsbrilliance_ict_firmware*cpe:2.3:o:philips:brilliance_ict_firmware:*:*:*:*:*:*:*:*
philipsbrilliance_ict-cpe:2.3:h:philips:brilliance_ict:-:*:*:*:*:*:*:*
philips_brilliance_ct_big_bore_firmware*cpe:2.3:o:philips:_brilliance_ct_big_bore_firmware:*:*:*:*:*:*:*:*
philips_brilliance_ct_big_bore-cpe:2.3:h:philips:_brilliance_ct_big_bore:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
philips	brilliance_firmware_64	*	cpe:2.3:o:philips:brilliance_firmware_64::::::::
philips	brilliance_64	-	cpe:2.3:h:philips:brilliance_64:-:::::::*
philips	brilliance_ict_sp_firmware	*	cpe:2.3:o:philips:brilliance_ict_sp_firmware::::::::
philips	brilliance_ict_sp	-	cpe:2.3:h:philips:brilliance_ict_sp:-:::::::*
philips	brilliance_ict_firmware	*	cpe:2.3:o:philips:brilliance_ict_firmware::::::::
philips	brilliance_ict	-	cpe:2.3:h:philips:brilliance_ict:-:::::::*
philips	_brilliance_ct_big_bore_firmware	*	cpe:2.3:o:philips:_brilliance_ct_big_bore_firmware::::::::
philips	_brilliance_ct_big_bore	-	cpe:2.3:h:philips:_brilliance_ct_big_bore:-:::::::*

CNA Affected

[
  {
    "product": "Brilliance CT Scanners",
    "vendor": "Philips",
    "versions": [
      {
        "status": "affected",
        "version": "Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior."
      }
    ]
  }
]

References

www.securityfocus.com/bid/104088

ics-cert.us-cert.gov/advisories/ICSMA-18-123-01

www.usa.philips.com/healthcare/about/customer-support/product-security

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

21.1%

JSON

Related for CVE-2018-8853