Philips Security Vulnerabilities

cve

CVE-2019-13546

In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the c...

6.8 CVSS

6.6 AI Score

0.001 EPSS

2019-10-25 06:15 PM
138

CVE-2019-13557

In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information.

5.3 CVSS

5.1 AI Score

0.001 EPSS

2019-11-08 06:15 PM
54

CVE-2019-18241

In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the ...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2019-11-26 12:15 AM
36

CVE-2019-18263

An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless op...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2019-12-20 04:15 PM
24

CVE-2019-18980

On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The ...

7.5 CVSS

7.7 AI Score

0.002 EPSS

2019-11-14 10:15 PM
56

CVE-2019-6562

In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

5.4 CVSS

5.4 AI Score

0.001 EPSS

2019-05-01 07:29 PM
28
2

CVE-2020-11617

The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client.

5.9 CVSS

5.6 AI Score

0.001 EPSS

2020-08-31 03:15 PM
13

CVE-2020-11618

THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.

7.8 CVSS

7.5 AI Score

0.001 EPSS

2020-08-31 03:15 PM
20

CVE-2020-12023

Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which...

4.5 CVSS

4.8 AI Score

0.0004 EPSS

2020-06-11 08:15 PM
21

CVE-2020-14477

In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require auth...

4.4 CVSS

4.9 AI Score

0.0004 EPSS

2020-06-26 05:15 PM
27

CVE-2020-14506

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

4.3 CVSS

4.1 AI Score

0.001 EPSS

2020-09-18 06:15 PM
18

CVE-2020-14518

Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.

5.3 CVSS

5.2 AI Score

0.001 EPSS

2020-08-21 01:15 PM
24

CVE-2020-14525

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.

3.5 CVSS

3.7 AI Score

0.0004 EPSS

2020-09-18 06:15 PM
18

CVE-2020-16198

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.

6.3 CVSS

6.1 AI Score

0.001 EPSS

2020-09-18 06:15 PM
24

CVE-2020-16200

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

6.5 CVSS

6.3 AI Score

0.001 EPSS

2020-09-18 06:15 PM
24

CVE-2020-16212

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local bre...

6.8 CVSS

6.3 AI Score

0.001 EPSS

2020-09-11 02:15 PM
28

CVE-2020-16214

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet ...

5 CVSS

5.1 AI Score

0.001 EPSS

2020-09-11 01:15 PM
28

CVE-2020-16216

In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correc...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2020-09-11 02:15 PM
29

CVE-2020-16218

In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to pa...

3.5 CVSS

3.9 AI Score

0.0004 EPSS

2020-09-11 01:15 PM
37

CVE-2020-16220

In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, caus...

4.3 CVSS

4.7 AI Score

0.001 EPSS

2020-09-11 02:15 PM
25

CVE-2020-16222

In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.

8.8 CVSS

8.5 AI Score

0.001 EPSS

2020-09-11 01:15 PM
24

CVE-2020-16224

In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart...

6.5 CVSS

6.4 AI Score

0.001 EPSS

2020-09-11 02:15 PM
21

CVE-2020-16228

In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, wh...

6.4 CVSS

6.3 AI Score

0.0004 EPSS

2020-09-11 01:15 PM
28

CVE-2020-16237

Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

2.1 CVSS

3.7 AI Score

0.0004 EPSS

2020-08-21 01:15 PM
19

CVE-2020-16239

Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.

4.9 CVSS

5 AI Score

0.001 EPSS

2020-08-21 01:15 PM
25

CVE-2020-16241

Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

2.1 CVSS

3.8 AI Score

0.0004 EPSS

2020-08-21 01:15 PM
30

CVE-2020-16247

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

7.1 CVSS

6.8 AI Score

0.0004 EPSS

2020-09-18 06:15 PM
20

CVE-2020-27298

Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but doe...

6.5 CVSS

6.5 AI Score

0.001 EPSS

2021-01-26 06:15 PM
21
2

CVE-2020-6007

Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.

7.9 CVSS

8 AI Score

0.002 EPSS

2020-01-23 10:15 PM
133

CVE-2020-7360

An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was ...

7.4 CVSS

7.1 AI Score

0.001 EPSS

2020-08-13 07:15 PM
36

CVE-2021-23173

The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data.

4.3 CVSS

4.7 AI Score

0.001 EPSS

2022-01-10 02:10 PM
21
2

CVE-2021-26248

Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.

6.2 CVSS

5.5 AI Score

0.0004 EPSS

2021-11-19 07:15 PM
18

CVE-2021-26262

Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

6.2 CVSS

5.4 AI Score

0.0004 EPSS

2021-11-19 07:15 PM
21
2

CVE-2021-27493

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

6.5 CVSS

6.3 AI Score

0.001 EPSS

2022-04-01 11:15 PM
46

CVE-2021-27497

Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

9.8 CVSS

9.3 AI Score

0.002 EPSS

2022-04-01 11:15 PM
70

CVE-2021-27501

Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.

9.8 CVSS

9.4 AI Score

0.002 EPSS

2022-04-01 11:15 PM
70

CVE-2021-32966

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP ...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2022-05-25 02:15 PM
53
4

CVE-2021-32993

IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

8.8 CVSS

8.7 AI Score

0.001 EPSS

2021-12-27 07:15 PM
28

CVE-2021-33017

The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.

8.8 CVSS

8.6 AI Score

0.001 EPSS

2021-12-27 07:15 PM
28

CVE-2021-33018

The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.

7.5 CVSS

7.9 AI Score

0.002 EPSS

2022-04-01 11:15 PM
70

CVE-2021-33020

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

8.2 CVSS

8.2 AI Score

0.002 EPSS

2022-04-01 11:15 PM
82

CVE-2021-33022

Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

7.5 CVSS

7.4 AI Score

0.002 EPSS

2022-04-01 11:15 PM
64

CVE-2021-33024

Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.

7.5 CVSS

8.1 AI Score

0.002 EPSS

2022-04-01 11:15 PM
52

CVE-2021-39369

In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.

6.5 CVSS

6.3 AI Score

0.002 EPSS

2022-12-26 06:15 AM
22

CVE-2021-39375

Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter.

8.8 CVSS

9.1 AI Score

0.001 EPSS

2021-08-24 01:15 PM
41

CVE-2021-39376

Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.

8.8 CVSS

9.1 AI Score

0.001 EPSS

2021-08-24 01:15 PM
34

CVE-2021-42744

Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.

6.2 CVSS

5.3 AI Score

0.0004 EPSS

2021-11-19 07:15 PM
17

CVE-2021-43548

Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

6.5 CVSS

6.4 AI Score

0.0005 EPSS

2021-12-27 07:15 PM
23

CVE-2021-43550

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.

6.5 CVSS

6.4 AI Score

0.001 EPSS

2021-12-27 07:15 PM
26

CVE-2021-43552

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.

6.1 CVSS

5.5 AI Score

0.0004 EPSS

2021-12-27 07:15 PM
25
Total number of security vulnerabilities: 101