Filtered by vendor Philips
Subscribe
Total
107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32966 | 1 Philips | 1 Interoperability Solution Xds | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. | |||||
| CVE-2021-27501 | 1 Philips | 4 Myvue, Speech, Vue Motion and 1 more | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. | |||||
| CVE-2021-26262 | 1 Philips | 4 Mri 1.5t, Mri 1.5t Firmware, Mri 3t and 1 more | 2024-11-21 | 5.0 MEDIUM | 6.2 MEDIUM |
| Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | |||||
| CVE-2021-26248 | 1 Philips | 4 Mri 1.5t, Mri 1.5t Firmware, Mri 3t and 1 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource. | |||||
| CVE-2021-23173 | 1 Philips | 1 Engage | 2024-11-21 | 4.0 MEDIUM | 2.6 LOW |
| The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data. | |||||
| CVE-2020-7360 | 1 Philips | 1 Smartcontrol | 2024-11-21 | 6.9 MEDIUM | 7.4 HIGH |
| An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.) | |||||
| CVE-2020-6007 | 1 Philips | 2 Hue Bridge V2, Hue Bridge V2 Firmware | 2024-11-21 | 4.3 MEDIUM | 7.9 HIGH |
| Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution. | |||||
| CVE-2020-16228 | 1 Philips | 24 Intellivue Mp2-mp90, Intellivue Mp2-mp90 Firmware, Intellivue Mx100 and 21 more | 2024-11-21 | 5.2 MEDIUM | 6.4 MEDIUM |
| In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. | |||||
| CVE-2020-16224 | 1 Philips | 1 Patient Information Center Ix | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart. | |||||
| CVE-2020-16222 | 1 Philips | 2 Patient Information Center Ix, Performancebridge Focal Point | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | |||||
| CVE-2020-16220 | 1 Philips | 2 Patient Information Center Ix, Performancebridge Focal Point | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. | |||||
| CVE-2020-16218 | 1 Philips | 1 Patient Information Center Ix | 2024-11-21 | 2.7 LOW | 3.5 LOW |
| In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application. | |||||
| CVE-2020-16216 | 1 Philips | 24 Intellivue Mp2-mp90, Intellivue Mp2-mp90 Firmware, Intellivue Mx100 and 21 more | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. | |||||
| CVE-2020-16214 | 1 Philips | 1 Patient Information Center Ix | 2024-11-21 | 5.8 MEDIUM | 5.0 MEDIUM |
| In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | |||||
| CVE-2020-16212 | 1 Philips | 1 Patient Information Center Ix | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. | |||||
| CVE-2020-11618 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol. | |||||
| CVE-2020-11617 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. | |||||
| CVE-2019-6562 | 1 Philips | 1 Tasy Emr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. | |||||
| CVE-2019-18980 | 1 Philips | 2 Taolight Smart Wi-fi Wiz Connected Led Bulb 9290022656, Taolight Smart Wi-fi Wiz Connected Led Bulb 9290022656 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb. | |||||
| CVE-2019-18263 | 1 Philips | 6 Endura, Endura Firmware, Pulsera and 3 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption scheme that is not strong enough for the level of protection required. | |||||