Lucene search

[email protected]CVE-2020-14477

HistoryJun 26, 2020 - 5:15 p.m.

CVE-2020-14477

2020-06-2617:15:10

CWE-287

CWE-288

[email protected]

web.nvd.nist.gov

philips

ultrasound

clearvue

epiq

affiniti

sparq

xperius

unauthorized access

information security

cve-2020-14477

nvd

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.

Affected configurations

NVD

Node

philipsclearvue_850Match-

AND

philipsclearvue_850_firmwareRange≤3.2

Node

philipsclearvue_350Match-

AND

philipsclearvue_350_firmwareRange≤3.2

Node

philipscx50Match-

AND

philipscx50_firmwareMatch5.0.2

Node

philipsaffiniti_70Match-

AND

philipsaffiniti_70_firmwareRange≤5.0

Node

philipsaffiniti_50Match-

AND

philipsaffiniti_50_firmwareRange≤5.0

Node

philipsepiq_7Match-

AND

philipsepiq_7_firmwareRange≤5.0

Node

philipssparqMatch-

AND

philipssparq_firmwareRange≤3.0.2

Node

philipsxperiusMatch-

AND

philipsxperius_firmware

CPENameOperatorVersion
philips:clearvue_850_firmwarephilips clearvue 850 firmwarele3.2

CPE	Name	Operator	Version
philips:clearvue_850_firmware	philips clearvue 850 firmware	le	3.2

CNA Affected

[
  {
    "product": "Philips Ultrasound ClearVue",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "versions 3.2 and prior"
      }
    ]
  },
  {
    "product": "Ultrasound CX",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "versions 5.0.2 and prior"
      }
    ]
  },
  {
    "product": "Ultrasound EPIQ/Affiniti",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "versions VM5.0 and prior"
      }
    ]
  },
  {
    "product": "Ultrasound Sparq",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "version 3.0.2 and prior"
      }
    ]
  },
  {
    "product": "Ultrasound Xperius",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

www.us-cert.gov/ics/advisories/icsma-20-177-01

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for CVE-2020-14477

ics1 cvelist1 prion1 nvd1