CVSS: 7.2EPSS: 0%CPEs: 19EXPL: 0CVE-2019-13534
https://notcve.org/view.php?id=CVE-2019-13534
12 Sep 2019 — Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code. Philips IntelliVue WLAN, monitores portátiles de pacientes, W... • https://www.us-cert.gov/ics/advisories/icsma-19-255-01 • CWE-494: Download of Code Without Integrity Check •
CVSS: 3.6EPSS: 0%CPEs: 2EXPL: 0CVE-2019-10988
https://notcve.org/view.php?id=CVE-2019-10988
04 Sep 2019 — In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product. En Philips HDI 4000 Ultrasound Systems, todas las versiones que se ejecutan en sistemas operativos no compatibles y antiguos, como Windows 2000, el HDI 4000 Ultrasound System está construi... • https://www.us-cert.gov/ics/advisories/icsma-19-241-02 • CWE-477: Use of Obsolete Function •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-10968
https://notcve.org/view.php?id=CVE-2019-10968
24 Jul 2019 — Philips Holter 2010 Plus, all versions. A vulnerability has been identified that may allow system options that were not purchased to be enabled. Philips Holter 2010 Plus, todas las versiones una vulnerabilidad ha sido identificada que podría permitir opciones de sistema que no fueron compradas para ser habilitadas. • https://www.us-cert.gov/ics/advisories/icsma-19-192-01 • CWE-477: Use of Obsolete Function •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2019-6562
https://notcve.org/view.php?id=CVE-2019-6562
01 May 2019 — In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. En Philips Tasy EMR, Tasy EMR versiones 3.02.1744 y anteriores, el software neutraliza incorrectamente la entrada controlable por el usuario, antes de que se coloque en la salida que se usa como una página web que se sirve a otros usuarios. • https://ics-cert.us-cert.gov/advisories/ICSMA-19-120-01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2018-19001
https://notcve.org/view.php?id=CVE-2018-19001
07 Dec 2018 — Philips HealthSuite Health Android App, all versions. The software uses simple encryption that is not strong enough for the level of protection required. Aplicación de Philips HealthSuite Health para Android, en todas las versiones. El software emplea un cifrado simple que no es lo suficientemente fuerte para el nivel de protección necesario. • http://www.securityfocus.com/bid/106126 • CWE-326: Inadequate Encryption Strength •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-17906
https://notcve.org/view.php?id=CVE-2018-17906
19 Nov 2018 — Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system. Philips iSite e IntelliSpace PACS, iSite PACS, en todas las versiones, e IntelliSpace PACS, en todas las versiones. Las credenciales por defecto y la falta de autenticación con software de terceros podría permitir que un atacante comprometa un componente del sistema. • http://www.securityfocus.com/bid/105875 • CWE-306: Missing Authentication for Critical Function CWE-521: Weak Password Requirements CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8842
https://notcve.org/view.php?id=CVE-2018-8842
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. El software transmite datos sens... • http://www.securityfocus.com/bid/105194 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14803
https://notcve.org/view.php?id=CVE-2018-14803
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. Philips e-Alert contiene una vulnerabilidad de divulgación de banner que podría... • http://www.securityfocus.com/bid/105194 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8844
https://notcve.org/view.php?id=CVE-2018-8844
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. La aplicación no verifica (o no puede verificar) lo suficiente si una petición consistente, válida y bien formada ha sido intencionadamente proporcionada por el usuario que envió la petición. • http://www.securityfocus.com/bid/105194 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8846
https://notcve.org/view.php?id=CVE-2018-8846
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. El software no neutraliza (o lo hace incorrectamente) las entradas controlables por el usuario antes de colocarlas en las salidas que se emplean como página web y luego se sirven a otros usuari... • http://www.securityfocus.com/bid/105194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •