Filtered by vendor Philips
Subscribe
Total
107 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8856 | 1 Philips | 1 E-alert Firmware | 2018-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data. | |||||
| CVE-2018-5438 | 1 Philips | 1 Intellispace Cardiovascular | 2018-04-20 | 3.3 LOW | 6.3 MEDIUM |
| Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. This vulnerability exists when using ISCV together with an Electronic Medical Record (EMR) system, where ISCV is in KIOSK mode for multiple users and using Windows authentication. This may allow an attacker to gain unauthorized access to patient health information and potentially modify this information. | |||||
| CVE-2017-14797 | 1 Philips | 2 Hue Bridge Bsb002, Hue Bridge Bsb002 Firmware | 2017-11-21 | 7.9 HIGH | 7.5 HIGH |
| Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. | |||||
| CVE-2015-2884 | 1 Philips | 1 In.sight B120\\37 | 2017-04-19 | 5.0 MEDIUM | 7.5 HIGH |
| Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. | |||||
| CVE-2015-2883 | 1 Philips | 1 In.sight B120\\37 | 2017-04-14 | 3.5 LOW | 5.4 MEDIUM |
| Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. | |||||
| CVE-2015-2882 | 1 Philips | 1 In.sight B120\\37 | 2017-04-14 | 10.0 HIGH | 9.8 CRITICAL |
| Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a password of M100-4674448 for the backdoor admin account. | |||||
| CVE-2013-2808 | 1 Philips | 4 Xper Flex Cardio, Xper Information Management Physiomonitoring 5, Xper Information Management Vascular Monitoring 5 and 1 more | 2013-10-07 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Xper in Philips Xper Information Management Physiomonitoring 5 components, Xper Information Management Vascular Monitoring 5 components, and Xper Information Management servers and workstations for Flex Cardio products before XperConnect 1.5.4.053 SP2 allows remote attackers to execute arbitrary code via a crafted HTTP request to the Connect broker on TCP port 6000. | |||||