A vulnerability classified as critical was found in Philips IntelliVue WLAN (Wireless LAN Software) (version unknown). Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a code download vulnerability. The CWE definition for the vulnerability is CWE-494. The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:

Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

The weakness was published 09/12/2019. This vulnerability is known as CVE-2019-13534 since 07/11/2019. The exploitation appears to be easy. The attack can be launched remotely. The successful exploitation requires a single authentication. The technical details are unknown and an exploit is not publicly available. The attack technique deployed by this issue is T1495 according to MITRE ATT&CK.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Similar entry is available at VDB-141714.

Productinfo

Type

• Wireless LAN Software

Vendor

• Philips

Name

• IntelliVue WLAN

License

• commercial

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion