CVE-2018-10597

moderate-risk
Published 2018-06-05

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.

Do I need to act?

0.13% chance of exploitation
EPSS score: low exploit probability

Not on CISA KEV list
No confirmed active exploitation reported to CISA

Patch status unknown
Check vendor advisories for fix availability and mitigation guidance

CVSS 8.3/10 High
ADJACENT_NETWORK / HIGH complexity

Affected Products (18)

Intellivue Mp2 Firmware
Intellivue X2 Firmware
Intellivue Mp30 Firmware
Intellivue Mp50 Firmware
Intellivue Mp70 Firmware
Intellivue Np90 Firmware
Intellivue Mx700 Firmware
Intellivue Mx800 Firmware
Intellivue Mx400 Firmware
Intellivue Mx450 Firmware
Intellivue Mx500 Firmware
Intellivue Mx550 Firmware
Intellivue X3 Firmware
Intellivue Mx100 Firmware
Avalon Fetal/Maternal Monitors Fm20 Firmware
Avalon Fetal/Maternal Monitors Fm30 Firmware
Avalon Fetal/Maternal Monitors Fm40 Firmware
Avalon Fetal/Maternal Monitors Fm50 Firmware

Affected Vendors

42 / 100
moderate-risk
Severity 22/34 · High
Exploitability 1/34 · Minimal
Exposure 19/34 · Moderate