Filtered by vendor Philips
Subscribe
Total
103 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10601 | 1 Philips | 36 Avalon Fetal\/maternal Monitors Fm20, Avalon Fetal\/maternal Monitors Fm20 Firmware, Avalon Fetal\/maternal Monitors Fm30 and 33 more | 2021-05-10 | 5.4 MEDIUM | 8.2 HIGH |
| IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that exposes an "echo" service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow. | |||||
| CVE-2018-10597 | 1 Philips | 36 Avalon Fetal\/maternal Monitors Fm20, Avalon Fetal\/maternal Monitors Fm20 Firmware, Avalon Fetal\/maternal Monitors Fm30 and 33 more | 2021-05-10 | 5.4 MEDIUM | 8.3 HIGH |
| IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet. | |||||
| CVE-2020-27298 | 1 Philips | 5 Coronary Tools, Dynamic Coronary Roadmap, Interventional Workspot and 2 more | 2021-02-02 | 3.3 LOW | 6.5 MEDIUM |
| Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component. | |||||
| CVE-2019-10988 | 1 Philips | 2 Hdi 4000, Hdi 4000 Firmware | 2020-10-02 | 3.6 LOW | 3.4 LOW |
| In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product. | |||||
| CVE-2019-10968 | 1 Philips | 1 Zymed Holter 2010 | 2020-10-01 | 2.1 LOW | 4.4 MEDIUM |
| Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled. | |||||
| CVE-2018-8848 | 1 Philips | 1 E-alert Firmware | 2020-09-29 | 5.0 MEDIUM | 7.5 HIGH |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. | |||||
| CVE-2020-16200 | 1 Philips | 1 Clinical Collaboration Platform | 2020-09-25 | 3.3 LOW | 6.5 MEDIUM |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. | |||||
| CVE-2020-16198 | 1 Philips | 1 Clinical Collaboration Platform | 2020-09-25 | 5.8 MEDIUM | 6.3 MEDIUM |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | |||||
| CVE-2020-14525 | 1 Philips | 1 Clinical Collaboration Platform | 2020-09-25 | 2.7 LOW | 3.5 LOW |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users. | |||||
| CVE-2020-14506 | 1 Philips | 1 Clinical Collaboration Platform | 2020-09-25 | 4.3 MEDIUM | 4.3 MEDIUM |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | |||||
| CVE-2018-17906 | 1 Philips | 2 Intellispace Pacs, Isite Pacs | 2020-09-18 | 3.3 LOW | 8.8 HIGH |
| Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. | |||||
| CVE-2020-11617 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2020-09-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. | |||||
| CVE-2020-11618 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2020-09-09 | 7.2 HIGH | 7.8 HIGH |
| THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol. | |||||
| CVE-2020-14518 | 1 Philips | 1 Dreammapper | 2020-08-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. | |||||
| CVE-2020-16239 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2020-08-27 | 4.0 MEDIUM | 4.9 MEDIUM |
| Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | |||||
| CVE-2020-16237 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2020-08-27 | 2.1 LOW | 2.1 LOW |
| Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | |||||
| CVE-2019-18980 | 1 Philips | 2 Taolight Smart Wi-fi Wiz Connected Led Bulb 9290022656, Taolight Smart Wi-fi Wiz Connected Led Bulb 9290022656 Firmware | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb. | |||||
| CVE-2020-7360 | 1 Philips | 1 Smartcontrol | 2020-08-19 | 6.9 MEDIUM | 7.3 HIGH |
| An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.) | |||||
| CVE-2020-14477 | 1 Philips | 16 Affiniti 50, Affiniti 50 Firmware, Affiniti 70 and 13 more | 2020-07-15 | 3.6 LOW | 4.4 MEDIUM |
| In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information. | |||||
| CVE-2020-12023 | 1 Philips | 1 Intellibridge Enterprise | 2020-06-23 | 2.7 LOW | 4.5 MEDIUM |
| Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plain text credentials from log files. | |||||