Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | xper_information_management_vascular_monitoring_5 | - |
| philips | xper_information_management_physiomonitoring_5 | - |
| philips | xper_flex_cardio | - |
| philips | xperconnect | * |
Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | in.sight_b120\37 | - |
Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | in.sight_b120\37 | - |
Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | in.sight_b120\37 | - |
The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| siemens | versant_kpcr_molecular_system_firmware | * |
| siemens | acuson_sc2000_firmware | * |
| siemens | acuson_x700_firmware | 1.0 |
| siemens | syngo_sc2000_firmware | 5.0a |
| siemens | acuson_p300_firmware | 13.02 |
| siemens | acuson_p300_firmware | 13.20 |
| siemens | acuson_x700_firmware | 1.1 |
| siemens | acuson_p300_firmware | 13.03 |
| siemens | acuson_p500_firmware | va10 |
| microsoft | server_message_block | 1.0 |
| philips | intellispace_portal | 8.0 |
| siemens | versant_kpcr_sample_prep_firmware | * |
| philips | intellispace_portal | 7.0 |
| siemens | tissue_preparation_system_firmware | * |
| siemens | syngo_sc2000_firmware | * |
| siemens | acuson_sc2000_firmware | 5.0a |
| siemens | acuson_p300_firmware | 13.21 |
| siemens | acuson_p500_firmware | vb10 |
Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_portal | 8.0 |
| microsoft | windows_7 | - |
| microsoft | office | 2013 |
| microsoft | windows_server_2008 | - |
| microsoft | office | 2010 |
| philips | intellispace_portal | 7.0 |
| microsoft | windows_vista | - |
| microsoft | windows_server_2012 | - |
| microsoft | office | 2007 |
| microsoft | office | 2016 |
| microsoft | windows_server_2008 | r2 |
The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | xcelera | * |
| philips | intellispace_cardiovascular | * |
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-326,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | hue_bridge_bsb002_firmware | 1707040932 |
Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. A number of applications developed using the Portrait Displays SDK do not use secure permissions when running. These applications run the component pdiservice.exe with NT AUTHORITY/SYSTEM permissions. This component is also read/writable by all Authenticated Users. This allows local authenticated attackers to run arbitrary code with SYSTEM privileges. The following applications have been identified by Portrait Displays as affected: Fujitsu DisplayView Click: Version 6.0 and 6.01. The issue was fixed in Version 6.3. Fujitsu DisplayView Click Suite: Version 5. The issue is addressed by patch in Version 5.9. HP Display Assistant: Version 2.1. The issue was fixed in Version 2.11. HP My Display: Version 2.0. The issue was fixed in Version 2.1. Philips Smart Control Premium: Versions 2.23, 2.25. The issue was fixed in Version 2.26.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-276,CWE-16,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | smart_control_premium | 2.23 |
| hp | my_display | 2.0 |
| hp | display_assistant | 2.1 |
| philips | smart_control_premium | 2.25 |
| portrait | portrait_display_sdk | * |
| fujitsu | displayview_click_suite | 5.0 |
| fujitsu | displayview_click | 6.0 |
| fujitsu | displayview_click | 6.01 |
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-312,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | dosewise | 1.1.7.333 |
| philips | dosewise | 2.1.1.3069 |
The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | dosewise | 1.1.7.333 |
| philips | dosewise | 2.1.1.3069 |
Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the central monitor, and thus should be operating in local monitoring mode (local audio-on, screen-on), but the MX40 WLAN itself can instead still be operating in telemetry mode (local audio-off, screen-off). If a patient experiences an alarm event and clinical staff expects the MX40 to provide local alarming when it is not available from the local device, a delay of treatment can occur. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point.
CVSS 2.0
Severity: LOW
Problem Type: CWE-460,CWE-755,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellivue_mx40_firmware | * |
Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. During this state, the Philips IntelliVue MX40 Version B.06.18 can either connect to an alternative access point within signal range for association to a central monitoring station, or it can remain in local monitoring mode until the device is reset by hospital staff. CVSS v3 base score: 6.5, CVSS vector string: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Philips has released software update, Version B.06.18, to fix the improper cleanup on thrown exception vulnerability, and implement mitigations to reduce the risk associated with the improper handling of exceptional conditions vulnerability. The software update implements messaging and alarming on the MX40 and at the central monitoring station, when the MX40 disconnects from the access point.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-755,CWE-755,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellivue_mx40_firmware | * |
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.3 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 1.6 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellivue_mp50_firmware | - |
| philips | intellivue_x3_firmware | - |
| philips | avalon_fetal/maternal_monitors_fm20_firmware | - |
| philips | intellivue_mp70_firmware | - |
| philips | intellivue_mx450_firmware | - |
| philips | intellivue_mx700_firmware | - |
| philips | intellivue_mx100_firmware | - |
| philips | intellivue_mx500_firmware | - |
| philips | intellivue_mx800_firmware | - |
| philips | intellivue_mp30_firmware | - |
| philips | avalon_fetal/maternal_monitors_fm40_firmware | - |
| philips | avalon_fetal/maternal_monitors_fm50_firmware | - |
| philips | intellivue_np90_firmware | - |
| philips | avalon_fetal/maternal_monitors_fm30_firmware | - |
| philips | intellivue_mx400_firmware | - |
| philips | intellivue_x2_firmware | - |
| philips | intellivue_mp2_firmware | - |
| philips | intellivue_mx550_firmware | - |
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet.
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellivue_mp50_firmware | - |
| philips | intellivue_x3_firmware | - |
| philips | avalon_fetal/maternal_monitors_fm20_firmware | - |
| philips | intellivue_mp70_firmware | - |
| philips | intellivue_mx450_firmware | - |
| philips | intellivue_mx700_firmware | - |
| philips | intellivue_mx100_firmware | - |
| philips | intellivue_mx500_firmware | - |
| philips | intellivue_mx800_firmware | - |
| philips | intellivue_mp30_firmware | - |
| philips | avalon_fetal/maternal_monitors_fm40_firmware | - |
| philips | avalon_fetal/maternal_monitors_fm50_firmware | - |
| philips | intellivue_np90_firmware | - |
| philips | avalon_fetal/maternal_monitors_fm30_firmware | - |
| philips | intellivue_mx400_firmware | - |
| philips | intellivue_x2_firmware | - |
| philips | intellivue_mp2_firmware | - |
| philips | intellivue_mx550_firmware | - |
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.2 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H | 1.6 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-121,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellivue_mp50_firmware | - |
| philips | intellivue_x3_firmware | - |
| philips | avalon_fetal/maternal_monitors_fm20_firmware | - |
| philips | intellivue_mp70_firmware | - |
| philips | intellivue_mx450_firmware | - |
| philips | intellivue_mx700_firmware | - |
| philips | intellivue_mx100_firmware | - |
| philips | intellivue_mx500_firmware | - |
| philips | intellivue_mx800_firmware | - |
| philips | intellivue_mp30_firmware | - |
| philips | avalon_fetal/maternal_monitors_fm40_firmware | - |
| philips | avalon_fetal/maternal_monitors_fm50_firmware | - |
| philips | intellivue_np90_firmware | - |
| philips | avalon_fetal/maternal_monitors_fm30_firmware | - |
| philips | intellivue_mx400_firmware | - |
| philips | intellivue_x2_firmware | - |
| philips | intellivue_mp2_firmware | - |
| philips | intellivue_mx550_firmware | - |
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-269,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | xcelera | * |
| philips | intellispace_cardiovascular | * |
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-428,CWE-428,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | xcelera | * |
| philips | intellispace_cardiovascular | * |
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,CWE-119,CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | pagewriter_tc50_firmware | - |
| philips | pagewriter_tc30_firmware | - |
| philips | pagewriter_tc20_firmware | - |
| philips | pagewriter_tc10_firmware | - |
| philips | pagewriter_tc70_firmware | - |
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | pagewriter_tc50_firmware | - |
| philips | pagewriter_tc30_firmware | - |
| philips | pagewriter_tc20_firmware | - |
| philips | pagewriter_tc10_firmware | - |
| philips | pagewriter_tc70_firmware | - |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | e-alert_firmware | * |
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-521,CWE-306,CWE-1188,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_pacs | * |
| philips | isite_pacs | * |
Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-326,CWE-326,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | healthsuite_health | * |
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mode for multiple users and using Windows authentication. This may allow an attacker to gain unauthorized access to patient health information and potentially modify this information.
CVSS 2.0
Severity: LOW
Problem Type: CWE-613,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_cardiovascular | * |
In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-287,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | alice_6_firmware | * |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-489,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_portal | 8.0 |
| philips | intellispace_portal | 9.0 |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_portal | 8.0 |
| philips | intellispace_portal | 9.0 |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_portal | 8.0 |
| philips | intellispace_portal | 9.0 |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_portal | 8.0 |
| philips | intellispace_portal | 9.0 |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_portal | 8.0 |
| philips | intellispace_portal | 9.0 |
Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_portal | 8.0 |
| philips | intellispace_portal | 9.0 |
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-428,CWE-426,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_portal | 8.0 |
| philips | intellispace_portal | 9.0 |
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-264,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_portal | 8.0 |
| philips | intellispace_portal | 9.0 |
Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_portal | 8.0 |
| philips | intellispace_portal | 9.0 |
In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-311,CWE-311,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | alice_6_firmware | * |
Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | hue_firmware | * |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet.
CVSS 2.0
Severity: LOW
Problem Type: CWE-319,CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | e-alert_firmware | * |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | e-alert_firmware | * |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | e-alert_firmware | * |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-276,CWE-732,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | e-alert_firmware | * |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | e-alert_firmware | * |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-384,CWE-384,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | e-alert_firmware | * |
Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated privileges in Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior. Also, attackers may gain access to unauthorized resources from the underlying Windows operating system.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-250,CWE-269,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | _brilliance_ct_big_bore_firmware | * |
| philips | brilliance_firmware_64 | * |
| philips | brilliance_ict_firmware | * |
| philips | brilliance_ict_sp_firmware | * |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-400,CWE-400,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | e-alert_firmware | * |
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | e-alert_firmware | * |
Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. An attacker could compromise these credentials and gain access to the system.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-798,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | _brilliance_ct_big_bore_firmware | * |
| philips | brilliance_firmware_64 | * |
| philips | brilliance_ict_firmware | * |
| philips | brilliance_ict_sp_firmware | * |
Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-668,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | _brilliance_ct_big_bore_firmware | * |
| philips | brilliance_firmware_64 | * |
| philips | brilliance_ict_firmware | * |
| philips | brilliance_ict_sp_firmware | * |
The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.2 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | encoreanywhere | * |
Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 0.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-477,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | zymed_holter_2010 | * |
In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.4 | LOW | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N | 0.8 | 2.5 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-477,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | hdi_4000_firmware | * |
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-259,CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellivue_mp_monitors_mp2/x2_firmware | a01.09 |
| philips | intellivue_mp_monitors_mp5/5sc_firmware | a.03.09 |
| philips | intellivue_mp_monitors_mx800/700/600_firmware | a.01.09 |
| philips | intellivue_mp_monitors_mp20-mp90_firmware | a.03.09 |
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-494,CWE-494,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellivue_mp_monitors_mp2/x2_firmware | a01.09 |
| philips | intellivue_mp_monitors_mp5/5sc_firmware | a.03.09 |
| philips | intellivue_mp_monitors_mx800/700/600_firmware | a.01.09 |
| philips | intellivue_mp_monitors_mp20-mp90_firmware | a.03.09 |
In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-668,CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellispace_perinatal | * |
In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-200,CWE-200,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | tasy_webportal | * |
| philips | tasy_emr | * |
In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-326,CWE-326,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellibridge_ec40_firmware | * |
| philips | intellibridge_ec80_firmware | * |
An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption scheme that is not strong enough for the level of protection required.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-326,CWE-326,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | pulsera_firmware | - |
| philips | veradius_unity_firmware | - |
| philips | endura_firmware | - |
On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,CWE-311,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | taolight_smart_wi-fi_wiz_connected_led_bulb_9290022656_firmware | - |
In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | tasy_emr | * |
The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-295,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | dtr3502bfta_dvb-t2_firmware | 2.2.1 |
| thomsonstb | tht741fta_firmware | 2.2.1 |
THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | dtr3502bfta_dvb-t2_firmware | 2.2.1 |
| thomsonstb | tht741fta_firmware | 2.2.1 |
Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plain text credentials from log files.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 0.9 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-532,CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellibridge_enterprise | * |
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 1.8 | 2.5 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-288,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | clearvue_350_firmware | * |
| philips | cx50_firmware | 5.0.2 |
| philips | affiniti_50_firmware | * |
| philips | epiq_7_firmware | * |
| philips | sparq_firmware | * |
| philips | clearvue_850_firmware | * |
| philips | xperius_firmware | * |
| philips | affiniti_70_firmware | * |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N | 2.8 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | clinical_collaboration_platform | * |
Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-532,CWE-532,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | dreammapper | * |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.5 | LOW | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.1 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-83,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | clinical_collaboration_platform | * |
When an attacker claims to have a given identity, Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not prove or insufficiently proves the claim is correct.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.3 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | 2.8 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-693,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | clinical_collaboration_platform | * |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-757,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | clinical_collaboration_platform | * |
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.8 | MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-668,CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | patient_information_center_ix | c.03 |
| philips | patient_information_center_ix | b.02 |
| philips | patient_information_center_ix | c.02 |
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.0 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 1.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-1236,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | patient_information_center_ix | c.03 |
| philips | patient_information_center_ix | b.02 |
| philips | patient_information_center_ix | c.02 |
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellivue_x3_firmware | - |
| philips | intellivue_mx700_firmware | - |
| philips | intellivue_mx100_firmware | - |
| philips | intellivue_mx750_firmware | - |
| philips | intellivue_mx800_firmware | - |
| philips | intellivue_mx600_firmware | - |
| philips | patient_information_center_ix | c.03 |
| philips | patient_information_center_ix | b.02 |
| philips | intellivue_mx400_firmware | - |
| philips | intellivue_x2_firmware | - |
| philips | patient_information_center_ix | c.02 |
| philips | performancebridge_focal_point | a.01 |
| philips | intellivue_mx850_firmware | - |
| philips | intellivue_mx550_firmware | - |
| philips | intellivue_mp2-mp90_firmware | - |
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 3.5 | LOW | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.1 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | patient_information_center_ix | c.03 |
| philips | patient_information_center_ix | b.02 |
| philips | patient_information_center_ix | c.02 |
In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 2.8 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-1286,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | patient_information_center_ix | c.03 |
| philips | patient_information_center_ix | b.02 |
| philips | patient_information_center_ix | c.02 |
| philips | performancebridge_focal_point | a.01 |
In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | patient_information_center_ix | c.03 |
| philips | patient_information_center_ix | b.02 |
| philips | patient_information_center_ix | c.02 |
| philips | performancebridge_focal_point | a.01 |
In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-130,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | patient_information_center_ix | c.03 |
| philips | patient_information_center_ix | c.02 |
In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.4 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L | 0.9 | 5.5 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-299,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellivue_x3_firmware | - |
| philips | intellivue_mx700_firmware | - |
| philips | intellivue_mx100_firmware | - |
| philips | intellivue_mx750_firmware | - |
| philips | intellivue_mx800_firmware | - |
| philips | intellivue_mx600_firmware | - |
| philips | patient_information_center_ix | c.03 |
| philips | patient_information_center_ix | b.02 |
| philips | intellivue_mx400_firmware | - |
| philips | intellivue_x2_firmware | - |
| philips | patient_information_center_ix | c.02 |
| philips | performancebridge_focal_point | a.01 |
| philips | intellivue_mx850_firmware | - |
| philips | intellivue_mx550_firmware | - |
| philips | intellivue_mp2-mp90_firmware | - |
Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 2.1 | LOW | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 0.7 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | suresigns_vs4_firmware | * |
When an actor claims to have a given identity, Philips SureSigns VS4, A.07.107 and prior does not prove or insufficiently proves the claim is correct.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | 1.2 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-287,CWE-287,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | suresigns_vs4_firmware | * |
Philips SureSigns VS4, A.07.107 and prior does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 2.1 | LOW | CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L | 0.7 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-284,CWE-863,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | suresigns_vs4_firmware | * |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-16,CWE-668,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | clinical_collaboration_platform | * |
Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-78,CWE-78,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | interventional_workspot | 1.4.0 |
| philips | stentboost_live | 1.0 |
| philips | coronary_tools | 1.0 |
| philips | viewforum | 6.3v1l10 |
| philips | interventional_workspot | 1.4.3 |
| philips | interventional_workspot | 1.4.5 |
| philips | interventional_workspot | 1.4.1 |
| philips | interventional_workspot | 1.3.2 |
| philips | dynamic_coronary_roadmap | 1.0 |
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.9 | HIGH | CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H | 1.2 | 6.0 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-122,CWE-787,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | hue_bridge_v2_firmware | * |
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cve@rapid7.com | 7.4 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L | 0.8 | 6.0 |
| nvd@nist.gov | 7.3 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.3 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-427,CWE-427,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | smartcontrol | * |
The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 |
| ics-cert@hq.dhs.gov | 2.6 | LOW | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N | 1.2 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | engage | * |
Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| ics-cert@hq.dhs.gov | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.5 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-708,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | mri_3t_firmware | * |
| philips | mri_1.5t_firmware | * |
Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| ics-cert@hq.dhs.gov | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.5 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | mri_3t_firmware | * |
| philips | mri_1.5t_firmware | * |
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
| ics-cert@hq.dhs.gov | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N | 2.8 | 2.7 |
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | myvue | * |
| philips | vue_motion | * |
| philips | vue_pacs | * |
| philips | speech | * |
Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
| ics-cert@hq.dhs.gov | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N | 2.2 | 4.2 |
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | myvue | * |
| philips | vue_motion | * |
| philips | vue_pacs | * |
| philips | speech | * |
Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-710,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | myvue | * |
| philips | vue_motion | * |
| philips | vue_pacs | * |
| philips | speech | * |
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| ics-cert@hq.dhs.gov | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | interoperability_solution_xds | * |
IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| ics-cert@hq.dhs.gov | 8.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-798,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellibridge_ec40_firmware | * |
| philips | intellibridge_ec80_firmware | * |
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
| ics-cert@hq.dhs.gov | 8.1 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H | 2.8 | 5.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-288,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | intellibridge_ec40_firmware | * |
| philips | intellibridge_ec80_firmware | * |
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| ics-cert@hq.dhs.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.6 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-327,CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | myvue | * |
| philips | vue_motion | * |
| philips | vue_pacs | * |
| philips | speech | * |
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
| ics-cert@hq.dhs.gov | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N | 3.9 | 4.2 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-324,CWE-672,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | myvue | * |
| philips | vue_motion | * |
| philips | vue_pacs | * |
| philips | speech | * |
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-319,CWE-319,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | myvue | * |
| philips | vue_motion | * |
| philips | vue_pacs | * |
| philips | speech | * |
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 3.9 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-522,CWE-522,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | myvue | * |
| philips | vue_motion | * |
| philips | vue_pacs | * |
| philips | speech | * |
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | vue_motion | * |
| philips | myvue | - |
| philips | speech | - |
| philips | vue_pacs | - |
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | tasy_electronic_medical_record | 3.06 |
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | tasy_electronic_medical_record | 3.06 |
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 6.2 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.5 | 3.6 |
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-200,NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | mri_3t_firmware | * |
| philips | mri_1.5t_firmware | * |
Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | 2.8 | 3.6 |
| ics-cert@hq.dhs.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | patient_information_center_ix | c.03 |
| philips | patient_information_center_ix | c.02 |
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 5.9 | MEDIUM | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N | 1.6 | 4.2 |
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | 2.8 | 3.6 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-327,CWE-327,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | patient_information_center_ix | c.03 |
| philips | efficia_cm_firmware | * |
| philips | efficia_cm_firmware | 4.0 |
| philips | patient_information_center_ix | c.02 |
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 |
| ics-cert@hq.dhs.gov | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N | 1.8 | 4.2 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-321,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | patient_information_center_ix | c.03 |
| philips | patient_information_center_ix | b.02 |
| philips | patient_information_center_ix | c.02 |
The software does not perform any authentication for critical system functionality.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
| nvd@nist.gov | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-306,CWE-306,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | e-alert_firmware | * |
A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 8.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N | 3.9 | 4.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | vue_pacs | * |
Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 1.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | vue_pacs | * |
Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N | 1.8 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | vue_pacs | * |
Philips Vue PACS uses default credentials for potentially critical functionality.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| ics-cert@hq.dhs.gov | 7.1 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N | 1.8 | 5.2 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | vue_pacs | * |
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | clinical_collaboration_platform | 12.2.1.5 |
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | clinical_collaboration_platform | 12.2.1.5 |
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | 3.9 | 2.5 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | clinical_collaboration_platform | 12.2.1.5 |
Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process. The specific flaw exists within the handling of custom Zigbee ZCL frames in the Model Info download functionality. The issue results from the lack of proper validation of the size of data prior to copying it to a fixed-size heap buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28276.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | hue_bridge_v2_firmware | * |
Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HomeKit service. Was ZDI-CAN-28326.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | hue_bridge_v2_firmware | * |
Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the hap_pair_verify_handler function of the hk_hap service, which listens on TCP port 8080 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-28337.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | hue_bridge_v2_firmware | * |
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28374.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | hue_bridge_v2_firmware | * |
Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the SRP authentication mechanism in the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from the use of a static nonce value. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28451.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | hue_bridge_v2_firmware | * |
Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function of the HomeKit implementation, which listens on TCP port 8080 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28469.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | hue_bridge_v2_firmware | * |
Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of PUT requests to the characteristics endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28479.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | hue_bridge_v2_firmware | * |
Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28480.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| philips | hue_bridge_v2_firmware | * |