Description
In Philips PageWriter TC10, TC20, TC30, TC50, and TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password to access and modify all settings on the device and to reset existing passwords.
References (3)
Core References
Third Party Advisory, US Government Resource, VDB Entry x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-18-228-01
Vendor Advisory x_refsource_confirm
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/105103
Scores
CVSS v3
6.2
EPSS
0.0041
EPSS Percentile
32.4%
Attack Vector
PHYSICAL
CVSS:3.0/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (5)
philips/pagewriter_tc10_firmware
philips/pagewriter_tc20_firmware
philips/pagewriter_tc30_firmware
philips/pagewriter_tc50_firmware
philips/pagewriter_tc70_firmware
Published
Aug 22, 2018
Tracked Since
Feb 18, 2026