
CVE-2018-7580 – Philips Hue Denial of Service
https://notcve.org/view.php?id=CVE-2018-7580
21 Dec 2020 — Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub. • https://packetstorm.news/files/id/160724 • CWE-400: Uncontrolled Resource Consumption

CVE-2020-16247
https://notcve.org/view.php?id=CVE-2020-16247
18 Sep 2020 — Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. • https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01 • CWE-16: Configuration • CWE-668: Exposure of Resource to Wrong Sphere

CVE-2020-16200
https://notcve.org/view.php?id=CVE-2020-16200
18 Sep 2020 — Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. • https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01 • CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

CVE-2020-16198
https://notcve.org/view.php?id=CVE-2020-16198
18 Sep 2020 — Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. • https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01 • CWE-693: Protection Mechanism Failure

CVE-2020-14525
https://notcve.org/view.php?id=CVE-2020-14525
18 Sep 2020 — Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users. • https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01 • CWE-83: Improper Neutralization of Script in Attributes in a Web Page

CVE-2020-14506
https://notcve.org/view.php?id=CVE-2020-14506
18 Sep 2020 — Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly. • https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2020-16212 – Philips Patient Monitoring Devices Exposure of Resource to Wrong Sphere
https://notcve.org/view.php?id=CVE-2020-16212
11 Sep 2020 — In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Poin... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-668: Exposure of Resource to Wrong Sphere

CVE-2020-16220 – Philips Patient Monitoring Devices Improper Validation of Syntactic Correctness of Input
https://notcve.org/view.php?id=CVE-2020-16220
11 Sep 2020 — In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-1286: Improper Validation of Syntactic Correctness of Input

CVE-2020-16216 – Philips Patient Monitoring Devices Improper Input Validation
https://notcve.org/view.php?id=CVE-2020-16216
11 Sep 2020 — In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, patient monitors... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-20: Improper Input Validation

CVE-2020-16224 – Philips Patient Monitoring Devices Improper Handling of Length Parameter Inconsistency
https://notcve.org/view.php?id=CVE-2020-16224
11 Sep 2020 — In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart. Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX850 and MP2-MP90 Versions N and prior, IntelliV... • https://us-cert.cisa.gov/ics/advisories/icsma-20-254-01 • CWE-130: Improper Handling of Length Parameter Inconsistency