First published: Wed Sep 26 2018(Updated: )
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Philips E-alert Firmware | <=r2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-8842 is a vulnerability in Philips e-Alert Unit (non-medical device) Version R2.1 and prior.
CVE-2018-8842 has a severity score of 8.8 (high).
CVE-2018-8842 affects Philips e-Alert Unit by transmitting sensitive or security-critical data in cleartext over an unencrypted communication channel.
Unauthorized actors can exploit CVE-2018-8842 by sniffing the unencrypted communication channel and intercepting the sensitive data.
A fix for CVE-2018-8842 is to update Philips e-Alert Unit to a version later than R2.1.