CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2024-9991 – Cleartext Storage of Sensitive Information Vulnerability in Philips Lighting Devices
https://notcve.org/view.php?id=CVE-2024-9991
This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which vulnerable device is connected. • https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0329 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40704 – Philips Vue PACS Use of Default Credentials
https://notcve.org/view.php?id=CVE-2023-40704
Philips Vue PACS uses default credentials for potentially critical functionality. Philips Vue PACS utiliza credenciales predeterminadas para funciones potencialmente críticas. • http://www.philips.com/productsecurity https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 • CWE-1392: Use of Default Credentials •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40539 – Philips Vue PACS Weak Password Requirements
https://notcve.org/view.php?id=CVE-2023-40539
Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts. Philips Vue PACS no requiere que los usuarios tengan contraseñas seguras, lo que podría facilitar que los atacantes comprometan las cuentas de los usuarios. • http://www.philips.com/productsecurity https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 • CWE-521: Weak Password Requirements •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40223 – Philips Vue PACS Improper Privilege Management
https://notcve.org/view.php?id=CVE-2023-40223
Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor. Philips Vue PACS no asigna, modifica, rastrea ni verifica adecuadamente los privilegios de los actores, lo que crea una esfera de control no deseada para ese actor. • http://www.philips.com/productsecurity https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40159 – Philips Vue PACS Exposure of Sensitive Information to an Unauthorized Actor
https://notcve.org/view.php?id=CVE-2023-40159
A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information. Un usuario validado que no esté autorizado explícitamente para tener acceso a cierta información confidencial podría acceder a Philips Vue PACS en la misma red para exponer esa información. • http://www.philips.com/productsecurity https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •