
CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

07 Apr 2025 — We observed that IntelliSpace Portal binaries don’t have any protection mechanisms to prevent reverse engineering. Specifically, the app’s code is not obfuscated, and no measures are in place to protect against decompilation, disassembly, or debugging. As a result, attackers can reverse-engineer the application to gain insights into its internal workings, which can potentially lead to the discovery of sensitive information, business logic flaws, and other vulnerabilities. Utilizing this flaw, the attacker... • https://www.cve.org/CVERecord?id=CVE-2025-3426 • CWE-798: Use of Hard-coded Credentials •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Apr 2025 — The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the deserialization vulnerability. After analyzing the configuration files, we observed that the server had set the TypeFilterLevel to Full which is dangerous as it can potentially lead to remote code execution using deserialization. This issue affects IntelliSpace Portal: 12 and prior. • https://www.cve.org/CVERecord?id=CVE-2025-3425 • CWE-502: Deserialization of Untrusted Data •

CVSS: 7.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Apr 2025 — The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specific .NET Remoting URLs derived from information enumerated in the client-side configuration files. This issue affects IntelliSpace Portal: 12 and prior. • https://www.cve.org/CVERecord?id=CVE-2025-3424 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Mar 2025 — A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-072-01 • CWE-1391: Use of Weak Credentials •

CVSS: 8.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Mar 2025 — A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass. • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-072-01 • CWE-287: Improper Authentication •

CVSS: 7.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

25 Oct 2024 — This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which the vulnerable device is connected. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0329 • CWE-312: Cleartext Storage of Sensitive Information •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

18 Jul 2024 — Philips Vue PACS uses default credentials for potentially critical functionality. The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity. • http://www.philips.com/productsecurity • CWE-1392: Use of Default Credentials •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Nov 2023 — The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information. • https://www.cisa.gov/news-events/ics-advisories/icsma-18-137-02 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

26 Dec 2022 — In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root. • https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

25 May 2022 — Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. • https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01 • CWE-319: Cleartext Transmission of Sensitive Information •