CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0922 – ICSMA-22-088-01 Philips e-Alert
https://notcve.org/view.php?id=CVE-2022-0922
The software does not perform any authentication for critical system functionality. El software no lleva a cabo ninguna autenticación para la funcionalidad crítica del sistema • https://www.cisa.gov/uscert/ics/advisories/icsma-22-088-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8854
https://notcve.org/view.php?id=CVE-2018-8854
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. El software no restringe correctamente el tamaño o la cantidad de recursos solicitados o influenciados por un actor, lo que puede emplearse para consumir más recursos de los planeados. • http://www.securityfocus.com/bid/105194 https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01 https://www.usa.philips.com/healthcare/about/customer-support/product-security • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8842
https://notcve.org/view.php?id=CVE-2018-8842
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. El software transmite datos sensibles o críticos para la seguridad en texto claro en un canal de comunicación que puede ser rastreado por actores no autorizados. • http://www.securityfocus.com/bid/105194 https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01 https://www.usa.philips.com/healthcare/about/customer-support/product-security • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8848
https://notcve.org/view.php?id=CVE-2018-8848
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. El software, tras su instalación, establece permisos incorrectos para un objeto que lo expone a un actor no planeado. • http://www.securityfocus.com/bid/105194 https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01 https://www.usa.philips.com/healthcare/about/customer-support/product-security • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14803
https://notcve.org/view.php?id=CVE-2018-14803
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. Philips e-Alert contiene una vulnerabilidad de divulgación de banner que podría permitir que los atacantes obtengan información de producto extraña, como el sistema operativo y los componentes de software, mediante la cabecera de respuesta HTTP que normalmente no está disponible para el atacante, pero que podría contener información útil en un ataque. • http://www.securityfocus.com/bid/105194 https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01 https://www.usa.philips.com/healthcare/about/customer-support/product-security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •