According to the security agency report cve-2018-14787, it is a privilege management issue. In Philips’s intellispace cardiovascular (iscv) products (iscv version 2. X or earlier and Xcelera version 4.1 or earlier), “attackers with upgrade rights (including authenticated users) can access the folder of executable files with write rights, and then execute arbitrary code with local administrative rights,” the announcement said, ”Successful exploitation of these vulnerabilities may allow attackers with local access rights and users of iscv / Xcelera server to upgrade the permissions on the server and execute arbitrary code“
The announcement said that the second weakness announced in cve-2018-14789 is iscv version 3.1 or earlier and Xcelera version 4.1 or earlier, and pointed out that “an unquoted search path or element vulnerability has been identified, which may allow attackers to execute arbitrary code and enhance their privilege level“
In response to a security announcement, Philips said that “the result of confirming the complaint submitted by customers” is about 20 windows services on iscv version 2. X and earlier and Xcelera 3x – 4. X servers, of which the executable file exists in a folder that has been granted write permission to an authenticated user“ These services run as local administrator accounts or local system accounts, and if a user replaces one of the executable files with another program, the program will also use local administrator or local system privileges, “Philips suggests. It also recommends that “in iscv version 3. X and earlier and Xcelera 3. X – 4. X, there are 16 windows services without quotation marks in their pathnames“ These services run with local administrator privileges and can be started with registry keys, which may provide an attacker with a way to place executable files that grant local administrator privileges. “