ICSA-18-242-01 · Published 2018-08-30 · View on CISA ICS-CERT ↗

Philips e-Alert Unit

CVSS 7.5 HIGH

Risk Summary

Successful exploitation from an attacker within the same subnet may impact or compromise user contact details, unit integrity, and/or unit availability. The vulnerabilities may allow attackers to provide unexpected input into the application, execute arbitrary code, display unit information, or potentially cause e-Alert to crash.

CVEs (8)

CVE-2018-8850 CVE-2018-8846 CVE-2018-14803 CVE-2018-8848 CVE-2018-8842 CVE-2018-8844 CVE-2018-8852 CVE-2018-8854

Remediations

Please see the Philips product security website for the latest public security information on this matter and for other Philips products:
Ensure that network security best practices are implemented, and
Limit network access to e-Alert in accordance with product documentation.
Users with questions regarding their specific e-Alert installations should contact their local Philips service support team or their regional e-Alert service support. Contact information is available at the following location:

Affected Vendors

Philips

Affected Products (1)

Philips · Philips e-Alert Unit (non-medical device) <= R2.1

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more