Vulnerabilities
Vulnerable Software
Philips:  Security Vulnerabilities
In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.
CVSS Score
6.4
EPSS Score
0.0
Published
2020-09-11
THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol.
CVSS Score
7.8
EPSS Score
0.0
Published
2020-08-31
The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client.
CVSS Score
5.9
EPSS Score
0.002
Published
2020-08-31
Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.
CVSS Score
5.3
EPSS Score
0.002
Published
2020-08-21
Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
CVSS Score
2.1
EPSS Score
0.001
Published
2020-08-21
When an actor claims to have a given identity, Philips SureSigns VS4, A.07.107 and prior does not prove or insufficiently proves the claim is correct.
CVSS Score
4.9
EPSS Score
0.002
Published
2020-08-21
Philips SureSigns VS4, A.07.107 and prior does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CVSS Score
6.3
EPSS Score
0.0
Published
2020-08-21
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
CVSS Score
7.4
EPSS Score
0.001
Published
2020-08-13
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
CVSS Score
3.6
EPSS Score
0.0
Published
2020-06-26
Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plain text credentials from log files.
CVSS Score
2.0
EPSS Score
0.001
Published
2020-06-11


Contact Us

Shodan ® - All rights reserved