CVE-2018-10601

Name of the Vulnerable Software and Affected Versions: IntelliVue Patient Monitors MP Series versions Rev B-M IntelliVue Patient Monitors MX versions Rev J-M Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0, J.3 IntelliVue Patient Monitors X3/MX100 version Rev M

Description: The issue exposes an "echo" service, where an attacker can send a buffer to a chosen device address within the same subnet, which is then copied to the stack without boundary checks, resulting in a stack overflow.

Recommendations: For IntelliVue Patient Monitors MP Series versions Rev B-M, update the software to a version that fixes the vulnerability. For IntelliVue Patient Monitors MX versions Rev J-M, update the software to a version that fixes the vulnerability. For Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0, J.3, update the software to a version that fixes the vulnerability. For IntelliVue Patient Monitors X3/MX100 version Rev M, update the software to a version that fixes the vulnerability. As a temporary workaround, consider disabling the "echo" service until a patch is available.