First published: Wed Sep 26 2018(Updated: )
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Philips E-alert Firmware | <=r2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2018-8850 is critical with a value of 9.8.
The affected software of CVE-2018-8850 is Philips e-Alert Unit (non-medical device) Version R2.1 and prior.
CVE-2018-8850 allows an attacker to craft unexpected input which may result in unintended input for parts of the unit.
Yes, you can find references for CVE-2018-8850 at the following links: [SecurityFocus](http://www.securityfocus.com/bid/105194), [ICS-CERT](https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01), and [Philips](https://www.usa.philips.com/healthcare/about/customer-support/product-security).
The Common Weakness Enumeration (CWE) ID associated with CVE-2018-8850 is CWE-20.