Security restrictions bypass vulnerabilities in Philips PageWriter
| Risk | Low |
| Patch available | NO |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-14799 CVE-2018-14801 |
| CWE-ID | CWE-120 CWE-798 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
PageWriter TC70 Hardware solutions / Firmware PageWriter TC50 Hardware solutions / Firmware PageWriter TC30 Hardware solutions / Firmware PageWriter TC20 Hardware solutions / Firmware PageWriter TC10 Hardware solutions / Firmware |
| Vendor | Philips |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU14468
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:W/RC:C]
CVE-ID: CVE-2018-14799
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to bypass security restrictions on the target system.
The weakness exists due to boundary error or format string when handling malicious input. A local attacker can supply specially crafted data and trigger memory corruption to access and modify settings on the device.
Philips plans an update to correct these issues in the release scheduled for mid-year 2019.
Philips has also provided the following information regarding an operating system that is no longer supported by the operating system manufacturer:
- WinCE5 is an obsolete operating system, which is no longer supported by the operating system manufacturer and only applies to PageWriter TC20, TC30, TC50 and TC70.
- PageWriter TC50 and TC70 support WinCE7, which is available for download on InCenter by customers. Philips recommends replacing the TC20 and TC30 with the TC50 if customers are concerned about the obsolete operating system. For TC20, there will be an update to a supported operating system released by end of 2019.
Philips offers the following additional mitigation advice:
- Defense in depth
- Physical security is a foundational requirement
- For medical devices such as a PageWriter, controlling access to the system components provides key protection to the medical devices in the system.
- Physical security is a combination of policy, procedure and practice to control and monitor who has physical access.
- For medical devices, physical security provides multifactor authentication (the user physically must be at the device and provide something they know).
PageWriter TC70: All versions
PageWriter TC50: All versions
PageWriter TC30: All versions
PageWriter TC20: All versions
PageWriter TC10: All versions
CPE2.3- cpe:2.3:h:philips:pagewriter_tc70:*:*:*:*:*:*:*:
- cpe:2.3:h:philips:pagewriter_tc50:*:*:*:*:*:*:*:
- cpe:2.3:h:philips:pagewriter_tc30:*:*:*:*:*:*:*:
- cpe:2.3:h:philips:pagewriter_tc20:*:*:*:*:*:*:*:
- cpe:2.3:h:philips:pagewriter_tc10:*:*:*:*:*:*:*:
http://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use of hardcoded credentials
EUVDB-ID: #VU14469
Risk: Low
CVSSv3.1: 5.5 [CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:W/RC:C]
CVE-ID: CVE-2018-14801
CWE-ID:
CWE-798 - Use of Hard-coded Credentials
Exploit availability: No
DescriptionThe vulnerability allows a physical attacker with superuser privileges to bypass security restrictions on the target system.
The weakness exists due to use of hardcoded credentials. A physical attacker can enter the superuser password that can be used to access and modify all settings on the device, as well as to reset existing passwords.
Philips plans an update to correct these issues in the release scheduled for mid-year 2019.
Philips has also provided the following information regarding an operating system that is no longer supported by the operating system manufacturer:
- WinCE5 is an obsolete operating system, which is no longer supported by the operating system manufacturer and only applies to PageWriter TC20, TC30, TC50 and TC70.
- PageWriter TC50 and TC70 support WinCE7, which is available for download on InCenter by customers. Philips recommends replacing the TC20 and TC30 with the TC50 if customers are concerned about the obsolete operating system. For TC20, there will be an update to a supported operating system released by end of 2019.
Philips offers the following additional mitigation advice:
- Defense in depth
- Physical security is a foundational requirement
- For medical devices such as a PageWriter, controlling access to the system components provides key protection to the medical devices in the system.
- Physical security is a combination of policy, procedure and practice to control and monitor who has physical access.
- For medical devices, physical security provides multifactor authentication (the user physically must be at the device and provide something they know).
PageWriter TC70: All versions
PageWriter TC50: All versions
PageWriter TC30: All versions
PageWriter TC20: All versions
PageWriter TC10: All versions
CPE2.3- cpe:2.3:h:philips:pagewriter_tc70:*:*:*:*:*:*:*:
- cpe:2.3:h:philips:pagewriter_tc50:*:*:*:*:*:*:*:
- cpe:2.3:h:philips:pagewriter_tc30:*:*:*:*:*:*:*:
- cpe:2.3:h:philips:pagewriter_tc20:*:*:*:*:*:*:*:
- cpe:2.3:h:philips:pagewriter_tc10:*:*:*:*:*:*:*:
http://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
