Philips: Security Vulnerabilities
In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-05-01
Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required.
CVSS Score
4.3
EPSS Score
0.0
Published
2018-12-07
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.
CVSS Score
8.8
EPSS Score
0.004
Published
2018-11-19
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended.
CVSS Score
7.5
EPSS Score
0.022
Published
2018-09-26
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data.
CVSS Score
9.8
EPSS Score
0.006
Published
2018-09-26
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution.
CVSS Score
9.8
EPSS Score
0.034
Published
2018-09-26
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier.
CVSS Score
8.8
EPSS Score
0.01
Published
2018-09-26
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-09-26
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-09-26
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-09-26