CVE-2018-17906 — HIGH (8.8)

Vulnerability Description

Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Philips	Intellispace Pacs	All versions
Philips	Isite Pacs	All versions

Related Weaknesses (CWE)

CWE-521 CWE-306 CWE-1188

References

http://www.securityfocus.com/bid/105875Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-312-01Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/105875Third Party AdvisoryVDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-18-312-01Third Party AdvisoryUS Government Resource

FAQ

What is CVE-2018-17906?

CVE-2018-17906 is a vulnerability with a CVSS score of 8.8 (HIGH). Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compr...

How severe is CVE-2018-17906?

CVE-2018-17906 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-17906?

Check the references section above for vendor advisories and patch information. Affected products include: Philips Intellispace Pacs, Philips Isite Pacs.