CVE-2018-10597

Name of the Vulnerable Software and Affected Versions: IntelliVue Patient Monitors MP Series versions Rev B-M IntelliVue Patient Monitors MX versions Rev J-M Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0, J.3 IntelliVue Patient Monitors X3/MX100 version Rev M

Description: The issue allows an unauthenticated attacker to access memory from an attacker-chosen device address within the same subnet, utilizing a "write-what-where" technique.

Recommendations: For IntelliVue Patient Monitors MP Series versions Rev B-M, restrict access to the device within the subnet to minimize the risk of exploitation. For IntelliVue Patient Monitors MX versions Rev J-M, consider implementing network segmentation to limit the attack surface. For Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0, J.3, limit device access to trusted networks only. For IntelliVue Patient Monitors X3/MX100 version Rev M, apply strict access controls to prevent unauthorized device access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.