Filtered by vendor Philips
Subscribe
Total
101 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14803 | 1 Philips | 2 E-alert, E-alert Firmware | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack. | |||||
| CVE-2018-8846 | 1 Philips | 1 E-alert Firmware | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users. | |||||
| CVE-2018-8844 | 1 Philips | 1 E-alert Firmware | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. | |||||
| CVE-2018-8848 | 1 Philips | 1 E-alert Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. | |||||
| CVE-2018-14799 | 1 Philips | 10 Pagewriter Tc10, Pagewriter Tc10 Firmware, Pagewriter Tc20 and 7 more | 2023-12-10 | 4.6 MEDIUM | 3.7 LOW |
| In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user. This can lead to buffer overflow or format string vulnerabilities. | |||||
| CVE-2018-14787 | 1 Philips | 2 Intellispace Cardiovascular, Xcelera | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 2.x or prior and Xcelera Version 4.1 or prior), an attacker with escalated privileges could access folders which contain executables where authenticated users have write permissions, and could then execute arbitrary code with local administrative permissions. | |||||
| CVE-2018-17906 | 1 Philips | 2 Intellispace Pacs, Isite Pacs | 2023-12-10 | 3.3 LOW | 8.8 HIGH |
| Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. | |||||
| CVE-2018-8854 | 1 Philips | 1 E-alert Firmware | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended. | |||||
| CVE-2018-8856 | 1 Philips | 1 E-alert Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data. | |||||
| CVE-2018-14801 | 1 Philips | 10 Pagewriter Tc10, Pagewriter Tc10 Firmware, Pagewriter Tc20 and 7 more | 2023-12-10 | 7.2 HIGH | 6.2 MEDIUM |
| In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. | |||||
| CVE-2018-8850 | 1 Philips | 1 E-alert Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution. | |||||
| CVE-2018-19001 | 1 Philips | 1 Healthsuite Health | 2023-12-10 | 4.6 MEDIUM | 4.3 MEDIUM |
| Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required. | |||||
| CVE-2018-8842 | 1 Philips | 1 E-alert Firmware | 2023-12-10 | 3.3 LOW | 8.8 HIGH |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet. | |||||
| CVE-2018-10597 | 1 Philips | 36 Avalon Fetal\/maternal Monitors Fm20, Avalon Fetal\/maternal Monitors Fm20 Firmware, Avalon Fetal\/maternal Monitors Fm30 and 33 more | 2023-12-10 | 5.4 MEDIUM | 8.3 HIGH |
| IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet. | |||||
| CVE-2018-5451 | 1 Philips | 2 Alice 6, Alice 6 Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. This weakness can lead to the exposure of resources or functionality to unintended actors, possibly providing attackers with sensitive information or the ability to execute arbitrary code. | |||||
| CVE-2018-5438 | 1 Philips | 1 Intellispace Cardiovascular | 2023-12-10 | 3.3 LOW | 6.3 MEDIUM |
| Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mode for multiple users and using Windows authentication. This may allow an attacker to gain unauthorized access to patient health information and potentially modify this information. | |||||
| CVE-2018-5470 | 1 Philips | 1 Intellispace Portal | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
| Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges. | |||||
| CVE-2018-5472 | 1 Philips | 1 Intellispace Portal | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code. | |||||
| CVE-2018-8861 | 1 Philips | 8 Brilliance Ct Big Bore, Brilliance Ct Big Bore Firmware, Brilliance 64 and 5 more | 2023-12-10 | 6.8 MEDIUM | 8.7 HIGH |
| Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) could enable a limited-access kiosk user or an unauthorized attacker to break-out from the containment of the kiosk environment, attain elevated privileges from the underlying Windows OS, and access unauthorized resources from the operating system. | |||||
| CVE-2017-9656 | 1 Philips | 1 Dosewise | 2023-12-10 | 6.5 MEDIUM | 9.1 CRITICAL |
| The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. | |||||