1. Home
  2. CVE Database
  3. CVE-2018-10601
HIGH · 8.2

CVE-2018-10601

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Mater...

Vulnerability Description

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.

CVSS Score

8.2

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality
HIGH
Integrity
LOW
Availability
HIGH

Affected Products

VendorProductVersions
PhilipsIntellivue Mp2 Firmware-
PhilipsIntellivue Mp2-
PhilipsIntellivue X2 Firmware-
PhilipsIntellivue X2-
PhilipsIntellivue Mp30 Firmware-
PhilipsIntellivue Mp30-
PhilipsIntellivue Mp50 Firmware-
PhilipsIntellivue Mp50-
PhilipsIntellivue Mp70 Firmware-
PhilipsIntellivue Mp70-
PhilipsIntellivue Np90 Firmware-
PhilipsIntellivue Np90-
PhilipsIntellivue Mx700 Firmware-
PhilipsIntellivue Mx700-
PhilipsIntellivue Mx800 Firmware-
PhilipsIntellivue Mx800-
PhilipsIntellivue Mx400 Firmware-
PhilipsIntellivue Mx400-
PhilipsIntellivue Mx450 Firmware-
PhilipsIntellivue Mx450-

Related Weaknesses (CWE)

CWE-121CWE-787

References

FAQ

What is CVE-2018-10601?

CVE-2018-10601 is a vulnerability with a CVSS score of 8.2 (HIGH). IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Mater...

How severe is CVE-2018-10601?

CVE-2018-10601 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-10601?

Check the references section above for vendor advisories and patch information. Affected products include: Philips Intellivue Mp2 Firmware, Philips Intellivue Mp2, Philips Intellivue X2 Firmware, Philips Intellivue X2, Philips Intellivue Mp30 Firmware.