4 matches found
CVE-2018-7498
Philips Alice 6 System (R8.0.3 or prior) is affected by CVE-2018-7498 due to missing encryption of sensitive data (CWE-311), impacting confidentiality/integrity not properly protected. Update to R8.0.4 to remediate; apply network security controls and follow ICS-CERT guidance for defense-in-depth.
CVE-2018-5451
In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers...
CVE-2018-5451
CVE-2018-5451 is tied to Philips Alice 6 System. The connected update (ICSMA-18-086-01) confirms an improper authentication vulnerability (CWE-287) where, when an actor claims an identity, the system does not adequately verify it, potentially exposing resources or functionality to unintended acto...
CVE-2018-7498
In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys...