Philips: Security Vulnerabilities
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-06-02
Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-06-02
An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-06-02
The product does not require unique and complex passwords to be created
during installation. Using Philips's default password could jeopardize
the PACS system if the password was hacked or leaked. An attacker could
gain access to the database impacting system availability and data
integrity.
CVSS Score
6.8
EPSS Score
0.0
Published
2024-07-18
The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-11-09
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-12-26
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
CVSS Score
3.7
EPSS Score
0.001
Published
2022-05-25
The software does not perform any authentication for critical system functionality.
CVSS Score
6.5
EPSS Score
0.0
Published
2022-04-01
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.
CVSS Score
7.5
EPSS Score
0.001
Published
2022-04-01
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
CVSS Score
8.2
EPSS Score
0.002
Published
2022-04-01
Page 1