Philips reveals code execution vulnerabilities in cardiovascular devices
Only a low level of skill is required to exploit the bugs.

Vulnerabilities have been discovered in multiple versions of Philips cardiovascular imaging devices. According to a security advisory from the US Department of Homeland Security's ICS-CERT, the first vulnerability, CVE-2018-14787, is a high-severity flaw which affects the Philips IntelliSpace Cardiovascular and Xcelera IntelliSpace Cardiovascular (ISCV) products.

The advisory says that the vulnerability takes only a "low-level skill" to exploit and is caused by improper privilege management. In ISCV software version 2.x or prior and Xcelera Version 4.1 or prior, attackers with escalated privileges are able to access folders potentially containing executables which give authenticated users write permissions.

"Successful exploitation of these vulnerabilities could allow an attacker with local access and users privileges to the ISCV/Xcelera server to escalate privileges on the ISCV/Xcelera server...