{"api_version":"1","generated_at":"2026-04-22T19:59:35+00:00","cve":"CVE-2018-5470","urls":{"html":"https://cve.report/CVE-2018-5470","api":"https://cve.report/api/cve/CVE-2018-5470.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-5470","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-5470"},"summary":{"title":"CVE-2018-5470","description":"Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-03-26 14:29:00","updated_at":"2019-10-09 23:41:00"},"problem_types":["CWE-426"],"metrics":[],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Philips Intellispace Portal ISP Vulnerabilities | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/103182","name":"103182","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Philips Intellispace Portal Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.usa.philips.com/healthcare/about/customer-support/product-security","name":"https://www.usa.philips.com/healthcare/about/customer-support/product-security","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Product Security | Philips","mime":"text/html","httpstatus":"200","archivestatus":"403"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-5470","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5470","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"5470","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"intellispace_portal","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5470","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"intellispace_portal","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5470","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"intellispace_portal","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5470","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"intellispace_portal","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2018-02-27T00:00:00","ID":"CVE-2018-5470","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Philips IntelliSpace Portal","version":{"version_data":[{"version_value":"8.0.x"},{"version_value":"7.0.x"}]}}]},"vendor_name":"Philips"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"UNQUOTED SEARCH PATH OR ELEMENT CWE-428"}]}]},"references":{"reference_data":[{"name":"https://www.usa.philips.com/healthcare/about/customer-support/product-security","refsource":"CONFIRM","url":"https://www.usa.philips.com/healthcare/about/customer-support/product-security"},{"name":"103182","refsource":"BID","url":"http://www.securityfocus.com/bid/103182"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"}]}},"nvd":{"publishedDate":"2018-03-26 14:29:00","lastModifiedDate":"2019-10-09 23:41:00","problem_types":["CWE-426"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:philips:intellispace_portal:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:philips:intellispace_portal:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"5470","Ordinal":"121440","Title":"CVE-2018-5470","CVE":"CVE-2018-5470","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"5470","Ordinal":"1","NoteData":"Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"5470","Ordinal":"2","NoteData":"2018-03-26","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"5470","Ordinal":"3","NoteData":"2018-03-27","Type":"Other","Title":"Modified"}]}}}