{"api_version":"1","generated_at":"2026-04-22T19:58:22+00:00","cve":"CVE-2018-5472","urls":{"html":"https://cve.report/CVE-2018-5472","api":"https://cve.report/api/cve/CVE-2018-5472.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-5472","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-5472"},"summary":{"title":"CVE-2018-5472","description":"Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-03-26 14:29:00","updated_at":"2019-10-09 23:41:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","refsource":"MISC","tags":["Third Party Advisory","US Government Resource"],"title":"Philips Intellispace Portal ISP Vulnerabilities | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/103182","name":"103182","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Philips Intellispace Portal Multiple Security Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.usa.philips.com/healthcare/about/customer-support/product-security","name":"https://www.usa.philips.com/healthcare/about/customer-support/product-security","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Product Security | Philips","mime":"text/html","httpstatus":"200","archivestatus":"403"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-5472","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5472","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"5472","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"intellispace_portal","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5472","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"intellispace_portal","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5472","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"intellispace_portal","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"5472","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"intellispace_portal","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2018-02-27T00:00:00","ID":"CVE-2018-5472","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Philips IntelliSpace Portal","version":{"version_data":[{"version_value":"8.0.x"},{"version_value":"7.0.x"}]}}]},"vendor_name":"Philips"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264"}]}]},"references":{"reference_data":[{"name":"https://www.usa.philips.com/healthcare/about/customer-support/product-security","refsource":"CONFIRM","url":"https://www.usa.philips.com/healthcare/about/customer-support/product-security"},{"name":"103182","refsource":"BID","url":"http://www.securityfocus.com/bid/103182"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"}]}},"nvd":{"publishedDate":"2018-03-26 14:29:00","lastModifiedDate":"2019-10-09 23:41:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":true,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:philips:intellispace_portal:9.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:philips:intellispace_portal:8.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"5472","Ordinal":"121442","Title":"CVE-2018-5472","CVE":"CVE-2018-5472","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"5472","Ordinal":"1","NoteData":"Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"5472","Ordinal":"2","NoteData":"2018-03-26","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"5472","Ordinal":"3","NoteData":"2018-03-27","Type":"Other","Title":"Modified"}]}}}