Lucene search

[email protected]NVD:CVE-2020-14477

HistoryJun 26, 2020 - 5:15 p.m.

CVE-2020-14477

2020-06-2617:15:10

CWE-288

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

Percentile

10.4%

JSON

In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.

Affected configurations

Nvd

Node

philipsclearvue_850Match-

AND

philipsclearvue_850_firmwareRange≤3.2

Node

philipsclearvue_350Match-

AND

philipsclearvue_350_firmwareRange≤3.2

Node

philipscx50Match-

AND

philipscx50_firmwareMatch5.0.2

Node

philipsaffiniti_70Match-

AND

philipsaffiniti_70_firmwareRange≤5.0

Node

philipsaffiniti_50Match-

AND

philipsaffiniti_50_firmwareRange≤5.0

Node

philipsepiq_7Match-

AND

philipsepiq_7_firmwareRange≤5.0

Node

philipssparqMatch-

AND

philipssparq_firmwareRange≤3.0.2

Node

philipsxperiusMatch-

AND

philipsxperius_firmware

VendorProductVersionCPE
philipsclearvue_850-cpe:2.3:h:philips:clearvue_850:-:*:*:*:*:*:*:*
philipsclearvue_850_firmware*cpe:2.3:o:philips:clearvue_850_firmware:*:*:*:*:*:*:*:*
philipsclearvue_350-cpe:2.3:h:philips:clearvue_350:-:*:*:*:*:*:*:*
philipsclearvue_350_firmware*cpe:2.3:o:philips:clearvue_350_firmware:*:*:*:*:*:*:*:*
philipscx50-cpe:2.3:h:philips:cx50:-:*:*:*:*:*:*:*
philipscx50_firmware5.0.2cpe:2.3:o:philips:cx50_firmware:5.0.2:*:*:*:*:*:*:*
philipsaffiniti_70-cpe:2.3:h:philips:affiniti_70:-:*:*:*:*:*:*:*
philipsaffiniti_70_firmware*cpe:2.3:o:philips:affiniti_70_firmware:*:*:*:*:*:*:*:*
philipsaffiniti_50-cpe:2.3:h:philips:affiniti_50:-:*:*:*:*:*:*:*
philipsaffiniti_50_firmware*cpe:2.3:o:philips:affiniti_50_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
philips	clearvue_850	-	cpe:2.3:h:philips:clearvue_850:-:::::::*
philips	clearvue_850_firmware	*	cpe:2.3:o:philips:clearvue_850_firmware::::::::
philips	clearvue_350	-	cpe:2.3:h:philips:clearvue_350:-:::::::*
philips	clearvue_350_firmware	*	cpe:2.3:o:philips:clearvue_350_firmware::::::::
philips	cx50	-	cpe:2.3:h:philips:cx50:-:::::::*
philips	cx50_firmware	5.0.2	cpe:2.3:o:philips:cx50_firmware:5.0.2:::::::*
philips	affiniti_70	-	cpe:2.3:h:philips:affiniti_70:-:::::::*
philips	affiniti_70_firmware	*	cpe:2.3:o:philips:affiniti_70_firmware::::::::
philips	affiniti_50	-	cpe:2.3:h:philips:affiniti_50:-:::::::*
philips	affiniti_50_firmware	*	cpe:2.3:o:philips:affiniti_50_firmware::::::::

Rows per page:

1-10 of 161

References

www.us-cert.gov/ics/advisories/icsma-20-177-01

CVSS2

3.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS

Percentile

10.4%

JSON

Related for NVD:CVE-2020-14477

ics1 prion1 cvelist1 cve1