#VU21104 Use of Hard-coded Password


Published: 2019-09-13

Vulnerability identifier: #VU21104

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-13530

CWE-ID: CWE-259

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
IntelliVue MX600
Hardware solutions / Medical equipment
IntelliVue MX700
Hardware solutions / Medical equipment
IntelliVue MX800
Hardware solutions / Medical equipment
IntelliVue MPX2
Hardware solutions / Medical equipment
IntelliVue MP2
Hardware solutions / Medical equipment
IntelliVue MP5SC
Hardware solutions / Medical equipment
IntelliVue MP5
Hardware solutions / Medical equipment
IntelliVue MP90
Hardware solutions / Medical equipment
IntelliVue MP80
Hardware solutions / Medical equipment
IntelliVue MP70
Hardware solutions / Medical equipment
IntelliVue MP60
Hardware solutions / Medical equipment
IntelliVue MP50
Hardware solutions / Medical equipment
IntelliVue MP40
Hardware solutions / Medical equipment
IntelliVue MP30
Hardware solutions / Medical equipment
IntelliVue MP20
Hardware solutions / Medical equipment

Vendor: Philips

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the software contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. A remote attacker can use these credentials to login via ftp and upload a malicious firmware.

Mitigation
This vulnerability was fixed only in the WLAN Version C.

Vulnerable software versions

IntelliVue MX600: A.01.09

IntelliVue MX700: A.01.09

IntelliVue MX800: A.01.09

IntelliVue MPX2: A.01.09

IntelliVue MP2: A.01.09

IntelliVue MP5SC: A.03.09

IntelliVue MP5: A.03.09

IntelliVue MP90: A.03.09

IntelliVue MP80: A.03.09

IntelliVue MP70: A.03.09

IntelliVue MP60: A.03.09

IntelliVue MP50: A.03.09

IntelliVue MP40 : A.03.09

IntelliVue MP30: A.03.09

IntelliVue MP20: A.03.09


CPE

External links
http://www.us-cert.gov/ics/advisories/icsma-19-255-01


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability