First published: Wed Sep 26 2018(Updated: )
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data.
Credit: ics-cert@hq.dhs.gov
Affected Software | Affected Version | How to fix |
---|---|---|
Philips E-alert Firmware | <=r2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-8856 is a vulnerability found in Philips e-Alert Unit (non-medical device) Version R2.1 and prior. The software contains a hard-coded cryptographic key, which it uses for encryption of internal data.
CVE-2018-8856 has a severity rating of 9.8, which is classified as critical.
Yes, Philips has released updated firmware to address the vulnerability. It is recommended to install the latest version of the Philips e-Alert Unit firmware (version R2.1.1 or later).
You can find more information about CVE-2018-8856 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/105194), [US-CERT Advisory](https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01), [Philips Product Security](https://www.usa.philips.com/healthcare/about/customer-support/product-security).
The CWE ID of CVE-2018-8856 is CWE-798, which stands for Use of Hard-coded Credentials.