Philips: Security Vulnerabilities
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.
CVSS Score
6.1
EPSS Score
0.001
Published
2021-12-27
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.
CVSS Score
6.2
EPSS Score
0.001
Published
2021-11-19
Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.
CVSS Score
6.2
EPSS Score
0.001
Published
2021-11-19
Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVSS Score
6.2
EPSS Score
0.001
Published
2021-11-19
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-08-24
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-08-24
Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.
CVSS Score
6.5
EPSS Score
0.003
Published
2021-01-26
Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.
CVSS Score
7.5
EPSS Score
0.017
Published
2020-12-21
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,
does not properly control the allocation and maintenance of a limited
resource, thereby enabling an attacker to influence the amount of
resources consumed, eventually leading to the exhaustion of available
resources.
CVSS Score
6.5
EPSS Score
0.001
Published
2020-09-18
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior,
exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
CVSS Score
6.8
EPSS Score
0.001
Published
2020-09-18