First published: Wed Aug 22 2018(Updated: )
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Philips IntelliSpace Cardiovascular | <=3.1 | |
Philips Xcelera | <=4.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-14789 has a high severity due to the potential for arbitrary code execution and privilege escalation.
To address CVE-2018-14789, users should upgrade to Philips IntelliSpace Cardiovascular version 3.2 or later and Xcelera version 4.2 or later.
CVE-2018-14789 affects Philips IntelliSpace Cardiovascular versions 3.1 or prior and Xcelera versions 4.1 or prior.
CVE-2018-14789 represents an unquoted search path or element vulnerability.
Yes, CVE-2018-14789 can be exploited by an attacker to execute arbitrary code remotely.