CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0922 – ICSMA-22-088-01 Philips e-Alert
https://notcve.org/view.php?id=CVE-2022-0922
01 Apr 2022 — The software does not perform any authentication for critical system functionality. El software no lleva a cabo ninguna autenticación para la funcionalidad crítica del sistema • https://www.cisa.gov/uscert/ics/advisories/icsma-22-088-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8842
https://notcve.org/view.php?id=CVE-2018-8842
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. El software transmite datos sens... • http://www.securityfocus.com/bid/105194 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-14803
https://notcve.org/view.php?id=CVE-2018-14803
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. Philips e-Alert contiene una vulnerabilidad de divulgación de banner que podría... • http://www.securityfocus.com/bid/105194 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8844
https://notcve.org/view.php?id=CVE-2018-8844
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. La aplicación no verifica (o no puede verificar) lo suficiente si una petición consistente, válida y bien formada ha sido intencionadamente proporcionada por el usuario que envió la petición. • http://www.securityfocus.com/bid/105194 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8846
https://notcve.org/view.php?id=CVE-2018-8846
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is then served to other users. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. El software no neutraliza (o lo hace incorrectamente) las entradas controlables por el usuario antes de colocarlas en las salidas que se emplean como página web y luego se sirven a otros usuari... • http://www.securityfocus.com/bid/105194 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8848
https://notcve.org/view.php?id=CVE-2018-8848
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software, upon installation, sets incorrect permissions for an object that exposes it to an unintended actor. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. El software, tras su instalación, establece permisos incorrectos para un objeto que lo expone a un actor no planeado. • http://www.securityfocus.com/bid/105194 • CWE-276: Incorrect Default Permissions CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 0CVE-2018-8850
https://notcve.org/view.php?id=CVE-2018-8850
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not validate input properly, allowing an attacker to craft the input in a form that is not expected by the rest of the application. This would lead to parts of the unit receiving unintended input, which may result in altered control flow, arbitrary control of a resource, or arbitrary code execution. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. El software no valida correctamente las entradas, l... • http://www.securityfocus.com/bid/105194 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2018-8852
https://notcve.org/view.php?id=CVE-2018-8852
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. When authenticating a user or otherwise establishing a new user session, the software gives an attacker the opportunity to steal authenticated sessions without invalidating any existing session identifier. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. Al autenticar a un usuario o establecer una nueva sesión de usuario, el software proporciona al atacante la oportunidad de robar sesiones autenticadas sin invalidar... • http://www.securityfocus.com/bid/105194 • CWE-384: Session Fixation •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2018-8854
https://notcve.org/view.php?id=CVE-2018-8854
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software does not properly restrict the size or amount of resources requested or influenced by an actor, which can be used to consume more resources than intended. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. El software no restringe correctamente el tamaño o la cantidad de recursos solicitados o influenciados por un actor, lo que puede emplearse para consumir más recursos de los planeados. • http://www.securityfocus.com/bid/105194 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-8856
https://notcve.org/view.php?id=CVE-2018-8856
26 Sep 2018 — Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software contains hard-coded cryptographic key, which it uses for encryption of internal data. Philips e-Alert Unit (dispositivo no médico), versiones R2.1 y anteriores. El software contiene una clave criptográfica embebida, que emplea para cifrar los datos internos. • http://www.securityfocus.com/bid/105194 • CWE-798: Use of Hard-coded Credentials •