CVE Vulnerability

CVE-2018-10597

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.

5.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 5.5 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

8.3 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01 Third Party Advisory US Government Resource
Configurations

Configuration 1
Information

Published : 2018-06-05 08:29

Updated : 2021-05-10 03:08

NVD link : CVE-2018-10597

Mitre link : CVE-2018-10597

Products Affected
No products.
CWE
CWE-787