Vulnerability Details CVE-2018-8846
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.1%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/105194
- https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
- https://www.usa.philips.com/healthcare/about/customer-support/product-security
- http://www.securityfocus.com/bid/105194
- https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
- https://www.usa.philips.com/healthcare/about/customer-support/product-security
Products affected by CVE-2018-8846
-
cpe:2.3:o:philips:e-alert_firmware:-
-
cpe:2.3:o:philips:e-alert_firmware:2.1
-
cpe:2.3:o:philips:e-alert_firmware:r2.1