CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-7360 – Philips SmartControl DLL Hijacking
https://notcve.org/view.php?id=CVE-2020-7360
13 Aug 2020 — An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.) (CWE-427) Una vulnerabilidad de Elemento Ruta Búsqueda no Controlada en SmartCont... • https://blog.vonahi.io/when-the-path-to-system-is-wide-open • CWE-427: Uncontrolled Search Path Element •
CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0CVE-2020-14477
https://notcve.org/view.php?id=CVE-2020-14477
26 Jun 2020 — In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information. En Philips Ultrasound ClearVue Versiones 3.2 y anteriores, Ultrasound CX Versiones 5.0.2 y anteriores, Ultrasound EPIQ/Affiniti Versiones VM... • https://www.us-cert.gov/ics/advisories/icsma-20-177-01 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 4.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-12023
https://notcve.org/view.php?id=CVE-2020-12023
11 Jun 2020 — Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Syst... • https://www.us-cert.gov/ics/advisories/icsma-20-163-01 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 7.9EPSS: 5%CPEs: 2EXPL: 1CVE-2020-6007
https://notcve.org/view.php?id=CVE-2020-6007
23 Jan 2020 — Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution. Philips Hue Bridge modelo 2.X versiones anteriores a 1935144020 incluyéndola, contiene un desbordamiento de búfer en la región heap de la memoria cuando se maneja una cadena ZCL larga durante la fase de comisionamiento, resultando en una ejecución de código remota. • https://research.checkpoint.com/2020/dont-be-silly-its-only-a-lightbulb • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-18263
https://notcve.org/view.php?id=CVE-2019-18263
20 Dec 2019 — An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). The router software uses an encryption ... • https://www.us-cert.gov/ics/advisories/icsma-19-353-01 • CWE-326: Inadequate Encryption Strength •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2019-18241
https://notcve.org/view.php?id=CVE-2019-18241
25 Nov 2019 — In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. This could enable an unauthorized attacker with access to the network to capture and replay the session and gain unauthorized access to the EC40/80 hub. En Philips IntelliBridge EC40 y EC80, IntelliBridge EC40 Hub todas las versiones e IntelliBridge EC80 Hub todas las versiones, el servidor SSH que es ejecut... • https://www.us-cert.gov/ics/advisories/icsma-19-318-01 • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2019-18980
https://notcve.org/view.php?id=CVE-2019-18980
14 Nov 2019 — On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. Anyone can turn the bulb on or off, or change its color or brightness remotely. There is no authentication or encryption to use the control API. The only requirement is that the attacker have network access to the bulb. En los dispositivos Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb versión 9290022656, una API desprotegida permite a usuarios re... • https://blog.dammitly.net/2019/10/cheap-hackable-wifi-light-bulbs-or-iot.html • CWE-306: Missing Authentication for Critical Function CWE-311: Missing Encryption of Sensitive Data •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-13557
https://notcve.org/view.php?id=CVE-2019-13557
08 Nov 2019 — In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. En Tasy EMR, Tasy WebPortal Versiones 3.02.1757 y anteriores, se presenta una vulnerabilidad de exposición de información que puede permitir a un atacante remoto acceder a la información del sistema y la configuración. • https://www.us-cert.gov/ics/advisories/ICSMA-19-120-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2019-13546
https://notcve.org/view.php?id=CVE-2019-13546
25 Oct 2019 — In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional att... • https://www.us-cert.gov/ics/advisories/icsma-19-297-01 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2019-13530
https://notcve.org/view.php?id=CVE-2019-13530
12 Sep 2019 — Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). An attacker can use these credentials to login via ftp and upload a malicious firmware. Philips IntelliVue WLAN, monitores portátiles de pacientes, WLAN Versión A, Firmware A.03.09, WLAN Versión A, Firmware A.03.09, Número de ... • https://www.us-cert.gov/ics/advisories/icsma-19-255-01 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •