CVE-2018-10601

CVE-2018-10601

Vendor Ics-Cert
Product IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors
Weakness CWE-121
Published June 5, 2018
Last update September 17, 2024

CVSS base score

What the vulnerability does

01Description

IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.

Key dates

02Disclosure timeline

June 5, 2018 CVE published
September 17, 2024 Record updated