Vendor CVEs

Philips

All CVEs

107 total · sorted by risk
  • CVE-2017-0143 · High · KEV · Mar 17, 2017
    risk 0.86 · cvss 8.8 · epss 0.93

    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via…

  • CVE-2017-0199 · High · KEV · Apr 12, 2017
    risk 0.80 · cvss 7.8 · epss 1.00

    Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft…

  • CVE-2018-8856 · Critical · Sep 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains a hard-coded cryptographic key, which it uses for encryption of internal data.

  • CVE-2018-8850 · Critical · Sep 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.04

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended…

  • CVE-2018-7498 · Critical · Mar 28, 2018
    risk 0.64 · cvss 9.8 · epss 0.01

    In Philips Alice 6 System version R8.0.2 or prior, the lack of proper data encryption passes up the guarantees of confidentiality, integrity, and accountability that properly implemented encryption conveys.

  • CVE-2018-5451 · Critical · Mar 28, 2018
    risk 0.64 · cvss 9.8 · epss 0.03

    In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly…

  • CVE-2018-5474 · Critical · Mar 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.06

    Philips IntelliSpace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash.

  • CVE-2018-5472 · Critical · Mar 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    Philips IntelliSpace Portal all versions 7.0.x and 8.0.x have an insecure Windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.

  • CVE-2018-5468 · Critical · Mar 26, 2018
    risk 0.64 · cvss 9.8 · epss 0.05

    Philips IntelliSpace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.

  • CVE-2015-2882 · Critical · Apr 10, 2017
    risk 0.64 · cvss 9.8 · epss 0.02

    Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448…

  • CVE-2017-9656 · Critical · Apr 24, 2018
    risk 0.59 · cvss 9.1 · epss 0.02

    The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this…

  • CVE-2026-3562 · High · Mar 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this…

  • CVE-2026-3560 · High · Mar 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.00

    Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to…

  • CVE-2026-3556 · High · Mar 16, 2026
    risk 0.57 · cvss 8.8 · epss 0.01

    Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this…

  • CVE-2018-8852 · High · Sep 26, 2018
    risk 0.57 · cvss 8.8 · epss 0.02

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier.

  • CVE-2018-8844 · High · Sep 26, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

  • CVE-2018-8842 · High · Sep 26, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which…

  • CVE-2018-8861 · High · May 4, 2018
    risk 0.57 · cvss 8.7 · epss 0.00

    Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brilliance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or…

  • CVE-2018-8853 · High · May 4, 2018
    risk 0.57 · cvss 8.8 · epss 0.00

    Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. Windows boots by default with elevated Windows privileges, enabling a kiosk application, user, or an attacker to potentially attain unauthorized elevated…

  • CVE-2017-9654 · High · Apr 24, 2018
    risk 0.57 · cvss 8.8 · epss 0.01

    The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

  • CVE-2026-3559 · High · Mar 16, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this…

  • CVE-2026-3558 · High · Mar 16, 2026
    risk 0.53 · cvss 8.1 · epss 0.00

    Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this…

  • CVE-2018-10601 · High · Jun 5, 2018
    risk 0.53 · cvss 8.2 · epss 0.00

    IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have…

  • CVE-2018-5454 · High · Mar 26, 2018
    risk 0.53 · cvss 8.1 · epss 0.04

    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime.

  • CVE-2026-3561 · High · Mar 16, 2026
    risk 0.52 · cvss 8.0 · epss 0.01

    Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to…

  • CVE-2026-3557 · High · Mar 16, 2026
    risk 0.52 · cvss 8.0 · epss 0.01

    Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is…

  • CVE-2026-3555 · High · Mar 16, 2026
    risk 0.52 · cvss 8.0 · epss 0.00

    Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to…

  • CVE-2018-14787 · High · Aug 22, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute…

  • CVE-2018-8857 · High · May 4, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brilliance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it…

  • CVE-2018-5470 · High · Mar 26, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.

  • CVE-2025-3424 · High · Apr 7, 2025
    risk 0.50 · cvss · epss 0.00

    The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible…

  • CVE-2018-8854 · High · Sep 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.03

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended.

  • CVE-2018-8848 · High · Sep 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.

  • CVE-2018-5466 · High · Mar 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability; this could allow an attacker to gain unauthorized access to resources and information.

  • CVE-2018-5464 · High · Mar 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability; this could allow an attacker to gain unauthorized access to resources and information.

  • CVE-2018-5462 · High · Mar 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.02

    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability; this could allow an attacker to gain unauthorized access to resources and information.

  • CVE-2018-5458 · High · Mar 26, 2018
    risk 0.49 · cvss 7.5 · epss 0.01

    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information.

  • CVE-2017-14797 · High · Oct 1, 2017
    risk 0.49 · cvss 7.5 · epss 0.00

    Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to…

  • CVE-2015-2884 · High · Apr 10, 2017
    risk 0.49 · cvss 7.5 · epss 0.01

    Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.

  • CVE-2025-3425 · High · Apr 7, 2025
    risk 0.48 · cvss · epss 0.00

    The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the deserialization vulnerability. After analyzing the configuration files, we observed that the server had set the…

  • CVE-2025-3426 · High · Apr 7, 2025
    risk 0.47 · cvss · epss 0.00

    We observed that IntelliSpace Portal binaries don’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result,…

  • CVE-2017-14111 · High · Nov 17, 2017
    risk 0.47 · cvss 7.2 · epss 0.02

    The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user…

  • CVE-2024-9991 · High · Oct 25, 2024
    risk 0.46 · cvss · epss 0.00

    This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi…

  • CVE-2018-14789 · Medium · Aug 22, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of…

  • CVE-2017-9658 · Medium · Apr 30, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access…

  • CVE-2017-9657 · Medium · Apr 30, 2018
    risk 0.42 · cvss 6.5 · epss 0.01

    Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. In this state, the central monitoring station can indicate the MX40 is not connected or associated to the…

  • CVE-2018-5438 · Medium · Mar 20, 2018
    risk 0.41 · cvss 6.3 · epss 0.00

    Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where…

  • CVE-2018-8846 · Medium · Sep 26, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users.

  • CVE-2018-14801 · Medium · Aug 22, 2018
    risk 0.40 · cvss 6.2 · epss 0.00

    In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow…

  • CVE-2021-42744 · Medium · Nov 19, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Page 1 of 3