Filtered by vendor Philips
Subscriptions
Total
107 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-16212 | 1 Philips | 1 Patient Information Center Ix | 2024-08-04 | 6.8 Medium |
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. | ||||
CVE-2020-16224 | 1 Philips | 1 Patient Information Center Ix | 2024-08-04 | 6.5 Medium |
In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart. | ||||
CVE-2020-16214 | 1 Philips | 1 Patient Information Center Ix | 2024-08-04 | 5.0 Medium |
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | ||||
CVE-2020-16198 | 1 Philips | 1 Clinical Collaboration Platform | 2024-08-04 | 6.3 Medium |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | ||||
CVE-2020-16220 | 1 Philips | 2 Patient Information Center Ix, Performancebridge Focal Point | 2024-08-04 | 4.3 Medium |
In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. | ||||
CVE-2020-14525 | 1 Philips | 1 Clinical Collaboration Platform | 2024-08-04 | 3.5 Low |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users. | ||||
CVE-2020-14518 | 1 Philips | 1 Dreammapper | 2024-08-04 | 5.3 Medium |
Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. | ||||
CVE-2020-14506 | 1 Philips | 1 Clinical Collaboration Platform | 2024-08-04 | 4.3 Medium |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. | ||||
CVE-2020-14477 | 1 Philips | 16 Affiniti 50, Affiniti 50 Firmware, Affiniti 70 and 13 more | 2024-08-04 | 4.4 Medium |
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information. | ||||
CVE-2020-12023 | 1 Philips | 1 Intellibridge Enterprise | 2024-08-04 | 4.5 Medium |
Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plain text credentials from log files. | ||||
CVE-2020-11618 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2024-08-04 | 7.8 High |
THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol. | ||||
CVE-2020-11617 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2024-08-04 | 5.9 Medium |
The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. | ||||
CVE-2020-6007 | 1 Philips | 2 Hue Bridge V2, Hue Bridge V2 Firmware | 2024-08-04 | 7.9 High |
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution. | ||||
CVE-2021-42744 | 1 Philips | 4 Mri 1.5t, Mri 1.5t Firmware, Mri 3t and 1 more | 2024-08-04 | 6.2 Medium |
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access. | ||||
CVE-2021-39375 | 1 Philips | 1 Tasy Electronic Medical Record | 2024-08-04 | 8.8 High |
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. | ||||
CVE-2021-39369 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2024-08-04 | 6.5 Medium |
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root. | ||||
CVE-2021-39376 | 1 Philips | 1 Tasy Electronic Medical Record | 2024-08-04 | 8.8 High |
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter. | ||||
CVE-2021-33024 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2024-08-03 | 3.7 Low |
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. | ||||
CVE-2021-33022 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2024-08-03 | 7.5 High |
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | ||||
CVE-2021-33018 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2024-08-03 | 7.5 High |
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information. |