{"api_version":"1","generated_at":"2026-04-24T14:36:49+00:00","cve":"CVE-2018-14789","urls":{"html":"https://cve.report/CVE-2018-14789","api":"https://cve.report/api/cve/CVE-2018-14789.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-14789","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-14789"},"summary":{"title":"CVE-2018-14789","description":"In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-08-22 18:29:00","updated_at":"2022-04-22 19:23:00"},"problem_types":["CWE-428"],"metrics":[],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01","name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Philips IntelliSpace Cardiovascular Vulnerabilities | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.usa.philips.com/healthcare/about/customer-support/product-security","name":"https://www.usa.philips.com/healthcare/about/customer-support/product-security","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Product Security | Philips","mime":"text/html","httpstatus":"200","archivestatus":"403"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-14789","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14789","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"14789","vulnerable":"1","versionEndIncluding":"3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"intellispace_cardiovascular","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"14789","vulnerable":"1","versionEndIncluding":"4.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"xcelera","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"14789","vulnerable":"1","versionEndIncluding":"3.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"phillips","cpe5":"intellispace_cardiovascular","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"14789","vulnerable":"1","versionEndIncluding":"4.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"phillips","cpe5":"xcelera","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2018-08-14T00:00:00","ID":"CVE-2018-14789","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"IntelliSpace Cardiovascular (ISCV) products","version":{"version_data":[{"version_value":"IntelliSpace Cardiovascular, Version 3.1 or prior"},{"version_value":"Xcelera Version 4.1 or prior"}]}}]},"vendor_name":"Philips"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"UNQUOTED SEARCH PATH OR ELEMENT CWE-428"}]}]},"references":{"reference_data":[{"name":"https://www.usa.philips.com/healthcare/about/customer-support/product-security","refsource":"CONFIRM","url":"https://www.usa.philips.com/healthcare/about/customer-support/product-security"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-226-01"}]}},"nvd":{"publishedDate":"2018-08-22 18:29:00","lastModifiedDate":"2022-04-22 19:23:00","problem_types":["CWE-428"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":4.6},"severity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:philips:xcelera:*:*:*:*:*:*:*:*","versionEndIncluding":"4.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:philips:intellispace_cardiovascular:*:*:*:*:*:*:*:*","versionEndIncluding":"3.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"14789","Ordinal":"131522","Title":"CVE-2018-14789","CVE":"CVE-2018-14789","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"14789","Ordinal":"1","NoteData":"In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"14789","Ordinal":"2","NoteData":"2018-08-22","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"14789","Ordinal":"3","NoteData":"2018-08-22","Type":"Other","Title":"Modified"}]}}}