Security Vulnerabilities - CVEs Published In April 2018
interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the newtemplatename and form_body parameters.
CVSS Score
6.5
EPSS Score
0.003
Published
2018-04-30
interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote authenticated users to bypass intended access restrictions via the scan parameter.
CVSS Score
8.8
EPSS Score
0.007
Published
2018-04-30
An issue was discovered in MagniComp SysInfo before 10-H82 if setuid root (the default). This vulnerability allows any local user on a Linux/UNIX system to run SysInfo and obtain a root shell, which can be used to compromise the local system.
CVSS Score
7.8
EPSS Score
0.0
Published
2018-04-30
Frog CMS 0.9.5 has XSS in /install/index.php via the ['config']['admin_username'] field.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-04-30
Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the central monitor, and thus should be operating in local monitoring mode (local audio-on, screen-on), but the MX40 WLAN itself can instead still be operating in telemetry mode (local audio-off, screen-off). If a patient experiences an alarm event and clinical staff expects the MX40 to provide local alarming when it is not available from the local device, a delay of treatment can occur. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point.
CVSS Score
6.5
EPSS Score
0.005
Published
2018-04-30
Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. During this state, the Philips IntelliVue MX40 Version B.06.18 can either connect to an alternative access point within signal range for association to a central monitoring station, or it can remain in local monitoring mode until the device is reset by hospital staff. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point.
CVSS Score
6.5
EPSS Score
0.004
Published
2018-04-30
The Milestone XProtect Video Management Software (Corporate, Expert, Professional+, Express+, Essential+) 2016 R1 (10.0.a) to 2018 R1 (12.1a) contains .NET Remoting endpoints that are vulnerable to deserialization attacks resulting in remote code execution.
CVSS Score
8.1
EPSS Score
0.045
Published
2018-04-30
Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made available as of March 22, 2018, or the latest available version.
CVSS Score
7.8
EPSS Score
0.001
Published
2018-04-30
Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, V500R002C00, V600R006C00, TE40 V500R002C00, V600R006C00, TE50 V500R002C00, V600R006C00, TE60 V100R001C10, V500R002C00, V600R006C00 have an invalid memory access vulnerability. An unauthenticated attacker has to find a way to send malformed SCCP messages to the affected products. Due to insufficient input validation of some values in the messages, successful exploit may cause buffer error and some service abnormal.
CVSS Score
3.7
EPSS Score
0.001
Published
2018-04-30
Huawei MBB (Mobile Broadband) products E5771h-937 with the versions before E5771h-937TCPU-V200R001B328D62SP00C1133 and the versions before E5771h-937TCPU-V200R001B329D05SP00C1308 have a Denial of Service (DoS) vulnerability. When an attacker accessing device sends special http request to device, the webserver process will try to apply too much memory which can cause the device to become unable to respond. An attacker can launch a DoS attack by exploiting this vulnerability.
CVSS Score
6.5
EPSS Score
0.0
Published
2018-04-30