cvelist/2018/14xxx/CVE-2018-14801.json

{
    "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2018-08-16T00:00:00",
        "ID": "CVE-2018-14801",
        "STATE": "PUBLIC"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": "All versions prior to May 2018."
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "Philips"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "USE OF HARD-CODED CREDENTIALS CWE-798"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01",
                "refsource": "MISC",
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"
            },
            {
                "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                "refsource": "CONFIRM",
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
                "name": "105103",
                "refsource": "BID",
                "url": "http://www.securityfocus.com/bid/105103"
            }
        ]
    }
}
- Synchronized data. 2018-08-01 16:05:02 -04:00			`{`
"-Synchronized-Data." 2019-03-18 01:18:27 +00:00			`"CVE_data_meta": {`
			`"ASSIGNER": "ics-cert@hq.dhs.gov",`
			`"DATE_PUBLIC": "2018-08-16T00:00:00",`
			`"ID": "CVE-2018-14801",`
			`"STATE": "PUBLIC"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": "All versions prior to May 2018."`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "Philips"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
			`"description": {`
			`"description_data": [`
- Added submissions from ICS-CERT for ICSMA-18-228-01 from 2018-08-22. 2018-08-22 13:26:05 -04:00			`{`
"-Synchronized-Data." 2019-03-18 01:18:27 +00:00			`"lang": "eng",`
			`"value": "In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords."`
- Added submissions from ICS-CERT for ICSMA-18-228-01 from 2018-08-22. 2018-08-22 13:26:05 -04:00			`}`
"-Synchronized-Data." 2019-03-18 01:18:27 +00:00			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "USE OF HARD-CODED CREDENTIALS CWE-798"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01",`
			`"refsource": "MISC",`
			`"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01"`
			`},`
			`{`
			`"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",`
			`"refsource": "CONFIRM",`
			`"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"`
			`},`
			`{`
			`"name": "105103",`
			`"refsource": "BID",`
			`"url": "http://www.securityfocus.com/bid/105103"`
			`}`
			`]`
			`}`
			`}`