PT-2018-12736 · Philips · Philips Pagewriter Tc50+4

Published

2018-08-22

Updated

2019-10-09

CVE-2018-14801

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs versions prior to May 2018

Description The issue allows an attacker with physical access and the superuser password to access and modify all settings on the device, as well as reset existing passwords.

Recommendations For versions prior to May 2018, restrict physical access to the device and limit knowledge of the superuser password to authorized personnel. As a temporary workaround, consider implementing additional authentication mechanisms to prevent unauthorized access to the device settings.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798

Related Identifiers

CVE-2018-14801

Affected Products

Philips Pagewriter Tc10

Philips Pagewriter Tc20

Philips Pagewriter Tc30

Philips Pagewriter Tc50

Philips Pagewriter Tc70

PT-2018-12736 · Philips · Philips Pagewriter Tc50+4

CVE-2018-14801

Weakness Enumeration

Related Identifiers

Affected Products

References · 4