Filtered by vendor Philips
Subscriptions
Total
107 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-18980 | 1 Philips | 2 Taolight Smart Wi-fi Wiz Connected Led Bulb 9290022656, Taolight Smart Wi-fi Wiz Connected Led Bulb 9290022656 Firmware | 2024-08-05 | 7.5 High |
| On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb. | ||||
| CVE-2019-18263 | 1 Philips | 6 Endura, Endura Firmware, Pulsera and 3 more | 2024-08-05 | 6.5 Medium |
| An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption scheme that is not strong enough for the level of protection required. | ||||
| CVE-2019-18241 | 1 Philips | 4 Intellibridge Ec40, Intellibridge Ec40 Firmware, Intellibridge Ec80 and 1 more | 2024-08-05 | 6.5 Medium |
| In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub. | ||||
| CVE-2019-13546 | 1 Philips | 1 Intellispace Perinatal | 2024-08-04 | 6.8 Medium |
| In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system. | ||||
| CVE-2019-13557 | 1 Philips | 2 Tasy Emr, Tasy Webportal | 2024-08-04 | 5.3 Medium |
| In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. | ||||
| CVE-2019-13534 | 1 Philips | 19 865240, 865241, 865242 and 16 more | 2024-08-04 | 7.2 High |
| Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. | ||||
| CVE-2019-13530 | 1 Philips | 19 865240, 865241, 865242 and 16 more | 2024-08-04 | 7.2 High |
| Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware. | ||||
| CVE-2019-10968 | 1 Philips | 1 Zymed Holter 2010 | 2024-08-04 | 4.4 Medium |
| Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled. | ||||
| CVE-2019-10988 | 1 Philips | 2 Hdi 4000, Hdi 4000 Firmware | 2024-08-04 | 3.4 Low |
| In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product. | ||||
| CVE-2019-6562 | 1 Philips | 1 Tasy Emr | 2024-08-04 | 5.4 Medium |
| In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. | ||||
| CVE-2020-27298 | 1 Philips | 5 Coronary Tools, Dynamic Coronary Roadmap, Interventional Workspot and 2 more | 2024-08-04 | 6.5 Medium |
| Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component. | ||||
| CVE-2020-16239 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2024-08-04 | 4.9 Medium |
| Philips SureSigns VS4, A.07.107 and prior. When an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | ||||
| CVE-2020-16241 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2024-08-04 | 2.1 Low |
| Philips SureSigns VS4, A.07.107 and prior. The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | ||||
| CVE-2020-16237 | 1 Philips | 2 Suresigns Vs4, Suresigns Vs4 Firmware | 2024-08-04 | 2.1 Low |
| Philips SureSigns VS4, A.07.107 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | ||||
| CVE-2020-16228 | 1 Philips | 24 Intellivue Mp2-mp90, Intellivue Mp2-mp90 Firmware, Intellivue Mx100 and 21 more | 2024-08-04 | 6.4 Medium |
| In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. | ||||
| CVE-2020-16216 | 1 Philips | 24 Intellivue Mp2-mp90, Intellivue Mp2-mp90 Firmware, Intellivue Mx100 and 21 more | 2024-08-04 | 6.5 Medium |
| In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. | ||||
| CVE-2020-16247 | 1 Philips | 1 Clinical Collaboration Platform | 2024-08-04 | 7.1 High |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | ||||
| CVE-2020-16218 | 1 Philips | 1 Patient Information Center Ix | 2024-08-04 | 3.5 Low |
| In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. | ||||
| CVE-2020-16200 | 1 Philips | 1 Clinical Collaboration Platform | 2024-08-04 | 6.5 Medium |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. | ||||
| CVE-2020-16222 | 1 Philips | 2 Patient Information Center Ix, Performancebridge Focal Point | 2024-08-04 | 8.8 High |
| In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | ||||