CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. • https://diesec.home.blog/2021/08/24/philips-tasy-emr-3-06-sql-injection-cve-2021-39375cve-2021-39376 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter. • https://diesec.home.blog/2021/08/24/philips-tasy-emr-3-06-sql-injection-cve-2021-39375cve-2021-39376 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 6.5 • EPSS: 0% • CPEs: 9 • EXPL: 0

Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component. • https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 3

Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue's hub and it will stop responding. The "hub" will stop operating and be frozen until the flood stops. During the flood, the user won't be able to turn on/off the lights, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub. • http://packetstormsecurity.com/files/160724/Philips-Hue-Denial-Of-Service.html • http://seclists.org/fulldisclosure/2020/Dec/51 • https://www.iliashn.com/CVE-2018-7580 • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. • https://us-cert.cisa.gov/ics/advisories/icsma-20-261-01 • CWE-16: Configuration • CWE-668: Exposure of Resource to Wrong Sphere