Vendor CVEs
Philips
All CVEs
107 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-26262 | | Med | 0.36 | 5.5 | 0.01 | | Nov 19, 2021 | Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CVE-2021-26248 | | Med | 0.36 | 5.5 | 0.00 | | Nov 19, 2021 | Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CVE-2018-14803 | | Med | 0.35 | 5.3 | 0.02 | | Sep 26, 2018 | Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is… |
| CVE-2015-2883 | | Med | 0.35 | 5.4 | 0.01 | | Apr 10, 2017 | Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. |
| CVE-2018-14799 | | Low | 0.24 | 3.7 | 0.01 | | Aug 22, 2018 | In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities. |
| CVE-2023-40704 | | | 0.00 | — | 0.00 | | Jul 18, 2024 | The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and… |
| CVE-2018-8863 | | | 0.00 | — | 0.01 | | Nov 9, 2023 | The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information. |
| CVE-2021-39369 | | | 0.00 | — | 0.01 | | Dec 26, 2022 | In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root. |
| CVE-2021-32966 | | | 0.00 | — | 0.00 | | May 25, 2022 | Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to… |
| CVE-2022-0922 | | | 0.00 | — | 0.00 | | Apr 1, 2022 | The software does not perform any authentication for critical system functionality. |
| CVE-2021-33018 | | | 0.00 | — | 0.01 | | Apr 1, 2022 | The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information. |
| CVE-2021-33022 | | | 0.00 | — | 0.01 | | Apr 1, 2022 | Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
| CVE-2021-27497 | | | 0.00 | — | 0.01 | | Apr 1, 2022 | Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
| CVE-2021-33024 | | | 0.00 | — | 0.01 | | Apr 1, 2022 | Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. |
| CVE-2021-33020 | | | 0.00 | — | 0.01 | | Apr 1, 2022 | Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. |
| CVE-2021-27501 | | | 0.00 | — | 0.01 | | Apr 1, 2022 | Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. |
| CVE-2021-27493 | | | 0.00 | — | 0.01 | | Apr 1, 2022 | Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. |
| CVE-2021-27456 | | | 0.00 | — | 0.00 | | Mar 23, 2022 | Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control. |
| CVE-2021-43550 | | | 0.00 | — | 0.00 | | Dec 27, 2021 | The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to… |
| CVE-2021-43548 | | | 0.00 | — | 0.00 | | Dec 27, 2021 | Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. |
| CVE-2021-43552 | | | 0.00 | — | 0.00 | | Dec 27, 2021 | The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03. |
| CVE-2021-33017 | | | 0.00 | — | 0.00 | | Dec 27, 2021 | The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication. |
| CVE-2021-32993 | | | 0.00 | — | 0.00 | | Dec 27, 2021 | IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. |
| CVE-2020-27298 | | | 0.00 | — | 0.01 | | Jan 20, 2021 | Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an… |
| CVE-2020-16247 | | | 0.00 | — | 0.00 | | Sep 18, 2020 | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. |
| CVE-2020-16200 | | | 0.00 | — | 0.01 | | Sep 18, 2020 | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available … |
| CVE-2020-16198 | | | 0.00 | — | 0.01 | | Sep 18, 2020 | When an attacker claims to have a given identity, Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not prove or insufficiently proves the claim is correct. |
| CVE-2020-14525 | | | 0.00 | — | 0.00 | | Sep 18, 2020 | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users. |
| CVE-2020-14506 | | | 0.00 | — | 0.00 | | Sep 18, 2020 | Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. |
| CVE-2020-16212 | | | 0.00 | — | 0.00 | | Sep 11, 2020 | In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is… |
| CVE-2020-16220 | | | 0.00 | — | 0.00 | | Sep 11, 2020 | In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input … |
| CVE-2020-16216 | | | 0.00 | — | 0.01 | | Sep 11, 2020 | In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process… |
| CVE-2020-16224 | | | 0.00 | — | 0.01 | | Sep 11, 2020 | In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the … |
| CVE-2020-16228 | | | 0.00 | — | 0.00 | | Sep 11, 2020 | In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation … |
| CVE-2020-16222 | | | 0.00 | — | 0.01 | | Sep 11, 2020 | In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. |
| CVE-2020-16214 | | | 0.00 | — | 0.01 | | Sep 11, 2020 | In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the… |
| CVE-2020-16218 | | | 0.00 | — | 0.01 | | Sep 11, 2020 | In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead… |
| CVE-2020-11618 | | | 0.00 | — | 0.00 | | Aug 31, 2020 | THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol. |
| CVE-2020-11617 | | | 0.00 | — | 0.00 | | Aug 31, 2020 | The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. |
| CVE-2020-16239 | | | 0.00 | — | 0.01 | | Aug 21, 2020 | When an actor claims to have a given identity, Philips SureSigns VS4, A.07.107 and prior does not prove or insufficiently proves the claim is correct. |
| CVE-2020-16241 | | | 0.00 | — | 0.00 | | Aug 21, 2020 | Philips SureSigns VS4, A.07.107 and prior does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CVE-2020-16237 | | | 0.00 | — | 0.00 | | Aug 21, 2020 | Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. |
| CVE-2020-14518 | | | 0.00 | — | 0.01 | | Aug 21, 2020 | Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. |
| CVE-2020-14477 | | | 0.00 | — | 0.00 | | Jun 26, 2020 | In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that… |
| CVE-2020-12023 | | | 0.00 | — | 0.00 | | Jun 11, 2020 | Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the… |
| CVE-2020-6007 | | | 0.00 | — | 0.02 | | Jan 23, 2020 | Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution. |
| CVE-2019-18263 | | | 0.00 | — | 0.00 | | Dec 20, 2019 | An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura… |
| CVE-2019-18241 | | | 0.00 | — | 0.00 | | Nov 25, 2019 | In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to… |
| CVE-2019-13546 | | | 0.00 | — | 0.00 | | Oct 25, 2019 | In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to… |
| CVE-2019-13530 | | | 0.00 | — | 0.01 | | Sep 12, 2019 | Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by… |