CVE-2020-27298

Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:philips:coronary_tools:1.0:::::::*
	cpe:2.3:a:philips:dynamic_coronary_roadmap:1.0:::::::*
	cpe:2.3:a:philips:interventional_workspot:1.3.2:::::::*
	cpe:2.3:a:philips:interventional_workspot:1.4.0:::::::*
	cpe:2.3:a:philips:interventional_workspot:1.4.1:::::::*
	cpe:2.3:a:philips:interventional_workspot:1.4.3:::::::*
	cpe:2.3:a:philips:interventional_workspot:1.4.5:::::::*
	cpe:2.3:a:philips:stentboost_live:1.0:::::::*
	cpe:2.3:a:philips:viewforum:6.3v1l10:::::::*

History

No history.

Information

Published : 2021-01-26 18:15

Updated : 2021-02-02 19:03

NVD link : CVE-2020-27298

Mitre link : CVE-2020-27298

CVE.ORG link : CVE-2020-27298

JSON object : View

Products Affected

philips

viewforum
stentboost_live
coronary_tools
dynamic_coronary_roadmap
interventional_workspot

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2020-27298", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-01-26T18:15:45.990", "references": [{"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}, {"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component."}, {"lang": "es", "value": "Philips Interventional Workspot (versi\u00f3n 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (versi\u00f3n 1.0), ViewForum (versi\u00f3n 6.3V1L10). El software construye todo o parte de un comando del Sistema Operativo usando una entrada influenciada externamente de un componente aguas arriba, pero no neutraliza o neutraliza incorrectamente elementos especiales que podr\u00edan modificar el comando del Sistema Operativo deseado cuando se env\u00eda a un componente aguas abajo"}], "lastModified": "2021-02-02T19:03:37.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:philips:coronary_tools:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0266F404-C684-4B08-A137-2572146C8406"}, {"criteria": "cpe:2.3:a:philips:dynamic_coronary_roadmap:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5AD07C53-5BF9-4F49-9F36-F456232B78A2"}, {"criteria": "cpe:2.3:a:philips:interventional_workspot:1.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67EF6C48-A46E-465A-AC66-836B58089A0C"}, {"criteria": "cpe:2.3:a:philips:interventional_workspot:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D997305F-1D4B-4F7C-94B2-FFB03189AD86"}, {"criteria": "cpe:2.3:a:philips:interventional_workspot:1.4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD3D4DF4-D219-4DCD-B976-7695ABC711FF"}, {"criteria": "cpe:2.3:a:philips:interventional_workspot:1.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A0BDE433-D4FA-4B9C-9003-066573695740"}, {"criteria": "cpe:2.3:a:philips:interventional_workspot:1.4.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F57F0899-5A6D-47E2-9CF2-3A4BE60CC0C4"}, {"criteria": "cpe:2.3:a:philips:stentboost_live:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C376C250-4247-4E0E-987A-2C37445F500B"}, {"criteria": "cpe:2.3:a:philips:viewforum:6.3v1l10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3B747A1-197A-4F85-8581-FBF0AB77662E"}], "operator": "OR"}]}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}