Lucene search

[email protected]CVE-2020-27298

HistoryJan 26, 2021 - 6:15 p.m.

CVE-2020-27298

2021-01-2618:15:45

CWE-78

[email protected]

web.nvd.nist.gov

cve-2020-27298

philips

interventional workspot

os command injection

nvd

security vulnerability

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON

Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.

Affected configurations

NVD

Node

philipscoronary_toolsMatch1.0

philipsdynamic_coronary_roadmapMatch1.0

philipsinterventional_workspotMatch1.3.2

philipsinterventional_workspotMatch1.4.0

philipsinterventional_workspotMatch1.4.1

philipsinterventional_workspotMatch1.4.3

philipsinterventional_workspotMatch1.4.5

philipsstentboost_liveMatch1.0

philipsviewforumMatch6.3v1l10

CPENameOperatorVersion
philips:coronary_toolsphilips coronary toolseq1.0
philips:dynamic_coronary_roadmapphilips dynamic coronary roadmapeq1.0
philips:interventional_workspotphilips interventional workspoteq1.3.2
philips:interventional_workspotphilips interventional workspoteq1.4.0
philips:interventional_workspotphilips interventional workspoteq1.4.1
philips:interventional_workspotphilips interventional workspoteq1.4.3
philips:interventional_workspotphilips interventional workspoteq1.4.5
philips:stentboost_livephilips stentboost liveeq1.0
philips:viewforumphilips viewforumeq6.3v1l10

CPE	Name	Operator	Version
philips:coronary_tools	philips coronary tools	eq	1.0
philips:dynamic_coronary_roadmap	philips dynamic coronary roadmap	eq	1.0
philips:interventional_workspot	philips interventional workspot	eq	1.3.2
philips:interventional_workspot	philips interventional workspot	eq	1.4.0
philips:interventional_workspot	philips interventional workspot	eq	1.4.1
philips:interventional_workspot	philips interventional workspot	eq	1.4.3
philips:interventional_workspot	philips interventional workspot	eq	1.4.5
philips:stentboost_live	philips stentboost live	eq	1.0
philips:viewforum	philips viewforum	eq	6.3v1l10

CNA Affected

[
  {
    "product": "Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, ViewForum",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10)."
      }
    ]
  }
]

References

us-cert.cisa.gov/ics/advisories/icsma-21-019-01

Social References

3.3 Low

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:A/AC:L/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.8%

JSON

Related for CVE-2020-27298

ics1 cvelist1 nvd1 prion1