{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Interventional Workspot", "vendor": "Philips", "versions": [{"status": "affected", "version": "Release 1.3.2"}, {"status": "affected", "version": "Release 1.4.0"}, {"status": "affected", "version": "Release 1.4.1"}, {"status": "affected", "version": "Release 1.4.3"}, {"status": "affected", "version": "Release 1.4.5"}]}, {"defaultStatus": "unaffected", "product": "Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live", "vendor": "Philips", "versions": [{"status": "affected", "version": "Release 1.0"}]}, {"defaultStatus": "unaffected", "product": "ViewForum", "vendor": "Philips", "versions": [{"status": "affected", "version": "Release 6.3V1L10"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.</p>"}], "value": "Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78 OS Command Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-06-04T19:46:39.186Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-019-01"}, {"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Philips has released a software patch to proactively address this \nvulnerability in the installed base and will schedule service activities\n with impacted users to implement the correction. As a mitigation for \nthis vulnerability, users with expertise are advised to change the IPMI \npassword for the workstation interface.</p>\n<p>Users with questions regarding specific Philips Interventional \nWorkspot and/or installations and correction eligibility should contact a\n <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\">Philips service support team, regional service support</a></p><p>, or call 1-800-722-9377 with reference to field change order (FCO) number 2019-IGTBST-014.</p>\n<p>Please see the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\">Philips product security website</a></p> for the Philips advisory and the latest security information for Philips products.\n\n<br>"}], "value": "Philips has released a software patch to proactively address this \nvulnerability in the installed base and will schedule service activities\n with impacted users to implement the correction. As a mitigation for \nthis vulnerability, users with expertise are advised to change the IPMI \npassword for the workstation interface.\n\n\nUsers with questions regarding specific Philips Interventional \nWorkspot and/or installations and correction eligibility should contact a\n Philips service support team, regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions \n\n, or call 1-800-722-9377 with reference to field change order (FCO) number 2019-IGTBST-014.\n\n\nPlease see the Philips product security website https://www.philips.com/productsecurity \n\n for the Philips advisory and the latest security information for Philips products."}], "source": {"advisory": "ICSMA-21-019-01", "discovery": "INTERNAL"}, "title": "Philips Interventional Workstations OS Command Injection", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-27298", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, ViewForum", "version": {"version_data": [{"version_value": "Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10)."}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:11:36.582Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-27298", "datePublished": "2021-01-20T19:27:22", "dateReserved": "2020-10-19T00:00:00", "dateUpdated": "2025-06-04T19:46:39.186Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:coronary_tools:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "0266F404-C684-4B08-A137-2572146C8406", "vulnerable": true}, {"criteria": "cpe:2.3:a:philips:dynamic_coronary_roadmap:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "5AD07C53-5BF9-4F49-9F36-F456232B78A2", "vulnerable": true}, {"criteria": "cpe:2.3:a:philips:interventional_workspot:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "67EF6C48-A46E-465A-AC66-836B58089A0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:philips:interventional_workspot:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D997305F-1D4B-4F7C-94B2-FFB03189AD86", "vulnerable": true}, {"criteria": "cpe:2.3:a:philips:interventional_workspot:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD3D4DF4-D219-4DCD-B976-7695ABC711FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:philips:interventional_workspot:1.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "A0BDE433-D4FA-4B9C-9003-066573695740", "vulnerable": true}, {"criteria": "cpe:2.3:a:philips:interventional_workspot:1.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "F57F0899-5A6D-47E2-9CF2-3A4BE60CC0C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:philips:stentboost_live:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "C376C250-4247-4E0E-987A-2C37445F500B", "vulnerable": true}, {"criteria": "cpe:2.3:a:philips:viewforum:6.3v1l10:*:*:*:*:*:*:*", "matchCriteriaId": "E3B747A1-197A-4F85-8581-FBF0AB77662E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component."}, {"lang": "es", "value": "Philips Interventional Workspot (versi\u00f3n 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (versi\u00f3n 1.0), ViewForum (versi\u00f3n 6.3V1L10).&#xa0;El software construye todo o parte de un comando del Sistema Operativo usando una entrada influenciada externamente de un componente aguas arriba, pero no neutraliza o neutraliza incorrectamente elementos especiales que podr\u00edan modificar el comando del Sistema Operativo deseado cuando se env\u00eda a un componente aguas abajo"}], "id": "CVE-2020-27298", "lastModified": "2025-06-04T20:15:21.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-01-26T18:15:45.990", "references": [{"source": "ics-cert@hq.dhs.gov", "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-019-01"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}