PT-2019-13394 · Philips · Philips Intellivue Wlan

Shawn Loveric

Published

2019-09-12

Updated

2019-10-09

CVE-2019-13530

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09 Philips IntelliVue WLAN, portable patient monitors, WLAN Version B, Firmware A.01.09

Description The issue allows an attacker to use credentials to login via ftp and upload a malicious firmware.

Recommendations For Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, restrict access to the ftp service to prevent malicious firmware uploads. For Philips IntelliVue WLAN, portable patient monitors, WLAN Version B, Firmware A.01.09, restrict access to the ftp service to prevent malicious firmware uploads.

Fix

Using Hardcoded Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-798CWE-259

Related Identifiers

CVE-2019-13530

Affected Products

Philips Intellivue Wlan

PT-2019-13394 · Philips · Philips Intellivue Wlan

CVE-2019-13530

Weakness Enumeration

Related Identifiers

Affected Products

References · 3