CVE-2018-10597

Published: Jun 5, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.

Vendor	Product	Versions
ICS-CERT	IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors	affected `The following IntelliVue Patient Monitors versions are affected: IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, and IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only). The following Avalon Fetal/Maternal Monitors versions are affected: Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3`

Weaknesses (CWE)

CWE-287

References

https://ics-cert.us-cert.gov/advisories/ICSMA-18-156-01

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-10597

Description

Affected Products

Weaknesses (CWE)

References