VYPR

Vendor CVEs

Philips

All CVEs

107 total · sorted by risk
  • CVE-2021-26262 · Med · Nov 19, 2021
    risk 0.36 · cvss 5.5 · epss 0.01

    Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

  • CVE-2021-26248 · Med · Nov 19, 2021
    risk 0.36 · cvss 5.5 · epss 0.00

    Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

  • CVE-2018-14803 · Med · Sep 26, 2018
    risk 0.35 · cvss 5.3 · epss 0.02

    Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is…

  • CVE-2015-2883 · Med · Apr 10, 2017
    risk 0.35 · cvss 5.4 · epss 0.01

    Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php.

  • CVE-2018-14799 · Low · Aug 22, 2018
    risk 0.24 · cvss 3.7 · epss 0.01

    In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities.

  • CVE-2023-40704 · Jul 18, 2024
    risk 0.00 · cvss · epss 0.00

    The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and…

  • CVE-2018-8863 · Nov 9, 2023
    risk 0.00 · cvss · epss 0.01

    The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.

  • CVE-2021-39369 · Dec 26, 2022
    risk 0.00 · cvss · epss 0.01

    In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.

  • CVE-2021-32966 · May 25, 2022
    risk 0.00 · cvss · epss 0.00

    Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to…

  • CVE-2022-0922 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.00

    The software does not perform any authentication for critical system functionality.

  • CVE-2021-33018 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.01

    The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.

  • CVE-2021-33022 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.01

    Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

  • CVE-2021-27497 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.01

    Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

  • CVE-2021-33024 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.01

    Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.

  • CVE-2021-33020 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.01

    Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

  • CVE-2021-27501 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.01

    Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.

  • CVE-2021-27493 · Apr 1, 2022
    risk 0.00 · cvss · epss 0.01

    Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

  • CVE-2021-27456 · Mar 23, 2022
    risk 0.00 · cvss · epss 0.00

    Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.

  • CVE-2021-43550 · Dec 27, 2021
    risk 0.00 · cvss · epss 0.00

    The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to…

  • CVE-2021-43548 · Dec 27, 2021
    risk 0.00 · cvss · epss 0.00

    Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

  • CVE-2021-43552 · Dec 27, 2021
    risk 0.00 · cvss · epss 0.00

    The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.

  • CVE-2021-33017 · Dec 27, 2021
    risk 0.00 · cvss · epss 0.00

    The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.

  • CVE-2021-32993 · Dec 27, 2021
    risk 0.00 · cvss · epss 0.00

    IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

  • CVE-2020-27298 · Jan 20, 2021
    risk 0.00 · cvss · epss 0.01

    Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an…

  • CVE-2020-16247 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.00

    Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

  • CVE-2020-16200 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.01

    Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available …

  • CVE-2020-16198 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.01

    When an attacker claims to have a given identity, Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not prove or insufficiently proves the claim is correct.

  • CVE-2020-14525 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.00

    Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.

  • CVE-2020-14506 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.00

    Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

  • CVE-2020-16212 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.00

    In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is…

  • CVE-2020-16220 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.00

    In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input …

  • CVE-2020-16216 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.01

    In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process…

  • CVE-2020-16224 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.01

    In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the …

  • CVE-2020-16228 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.00

    In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation …

  • CVE-2020-16222 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.01

    In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.

  • CVE-2020-16214 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.01

    In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the…

  • CVE-2020-16218 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.01

    In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead…

  • CVE-2020-11618 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.00

    THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.

  • CVE-2020-11617 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.00

    The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client.

  • CVE-2020-16239 · Aug 21, 2020
    risk 0.00 · cvss · epss 0.01

    When an actor claims to have a given identity, Philips SureSigns VS4, A.07.107 and prior does not prove or insufficiently proves the claim is correct.

  • CVE-2020-16241 · Aug 21, 2020
    risk 0.00 · cvss · epss 0.00

    Philips SureSigns VS4, A.07.107 and prior does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

  • CVE-2020-16237 · Aug 21, 2020
    risk 0.00 · cvss · epss 0.00

    Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

  • CVE-2020-14518 · Aug 21, 2020
    risk 0.00 · cvss · epss 0.01

    Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.

  • CVE-2020-14477 · Jun 26, 2020
    risk 0.00 · cvss · epss 0.00

    In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that…

  • CVE-2020-12023 · Jun 11, 2020
    risk 0.00 · cvss · epss 0.00

    Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the…

  • CVE-2020-6007 · Jan 23, 2020
    risk 0.00 · cvss · epss 0.02

    Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.

  • CVE-2019-18263 · Dec 20, 2019
    risk 0.00 · cvss · epss 0.00

    An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura…

  • CVE-2019-18241 · Nov 25, 2019
    risk 0.00 · cvss · epss 0.00

    In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to…

  • CVE-2019-13546 · Oct 25, 2019
    risk 0.00 · cvss · epss 0.00

    In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to…

  • CVE-2019-13530 · Sep 12, 2019
    risk 0.00 · cvss · epss 0.01

    Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by…