{"api_version":"1","generated_at":"2026-04-22T21:52:16+00:00","cve":"CVE-2018-8854","urls":{"html":"https://cve.report/CVE-2018-8854","api":"https://cve.report/api/cve/CVE-2018-8854.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-8854","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-8854"},"summary":{"title":"CVE-2018-8854","description":"Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2018-09-26 19:29:00","updated_at":"2019-10-09 23:42:00"},"problem_types":["CWE-400"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/105194","name":"105194","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01","name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01","refsource":"MISC","tags":["Mitigation","Third Party Advisory","US Government Resource"],"title":"Philips e-Alert Unit | ICS-CERT","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.usa.philips.com/healthcare/about/customer-support/product-security","name":"https://www.usa.philips.com/healthcare/about/customer-support/product-security","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Product Security | Philips","mime":"text/html","httpstatus":"200","archivestatus":"403"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-8854","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8854","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"8854","vulnerable":"1","versionEndIncluding":"r2.1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"philips","cpe5":"e-alert_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2018-08-31T00:00:00","ID":"CVE-2018-8854","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"e-Alert Unit (non-medical device)","version":{"version_data":[{"version_value":"R2.1 and prior"}]}}]},"vendor_name":"Philips"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"UNCONTROLLED RESOURCE CONSUMPTION ('RESOURCE EXHAUSTION') CWE-400"}]}]},"references":{"reference_data":[{"name":"https://www.usa.philips.com/healthcare/about/customer-support/product-security","refsource":"CONFIRM","url":"https://www.usa.philips.com/healthcare/about/customer-support/product-security"},{"name":"105194","refsource":"BID","url":"http://www.securityfocus.com/bid/105194"},{"name":"https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01","refsource":"MISC","url":"https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01"}]}},"nvd":{"publishedDate":"2018-09-26 19:29:00","lastModifiedDate":"2019-10-09 23:42:00","problem_types":["CWE-400"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:philips:e-alert_firmware:*:*:*:*:*:*:*:*","versionEndIncluding":"r2.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"8854","Ordinal":"125223","Title":"CVE-2018-8854","CVE":"CVE-2018-8854","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"8854","Ordinal":"1","NoteData":"Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"8854","Ordinal":"2","NoteData":"2018-09-26","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"8854","Ordinal":"3","NoteData":"2018-09-27","Type":"Other","Title":"Modified"}]}}}