CVE-2020-27298
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.
Philips Interventional Workspot (versión 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (versión 1.0), ViewForum (versión 6.3V1L10). El software construye todo o parte de un comando del Sistema Operativo usando una entrada influenciada externamente de un componente aguas arriba, pero no neutraliza o neutraliza incorrectamente elementos especiales que podrían modificar el comando del Sistema Operativo deseado cuando se envía a un componente aguas abajo
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-19 CVE Reserved
- 2021-01-20 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Philips Search vendor "Philips" | Coronary Tools Search vendor "Philips" for product "Coronary Tools" | 1.0 Search vendor "Philips" for product "Coronary Tools" and version "1.0" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Dynamic Coronary Roadmap Search vendor "Philips" for product "Dynamic Coronary Roadmap" | 1.0 Search vendor "Philips" for product "Dynamic Coronary Roadmap" and version "1.0" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Interventional Workspot Search vendor "Philips" for product "Interventional Workspot" | 1.3.2 Search vendor "Philips" for product "Interventional Workspot" and version "1.3.2" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Interventional Workspot Search vendor "Philips" for product "Interventional Workspot" | 1.4.0 Search vendor "Philips" for product "Interventional Workspot" and version "1.4.0" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Interventional Workspot Search vendor "Philips" for product "Interventional Workspot" | 1.4.1 Search vendor "Philips" for product "Interventional Workspot" and version "1.4.1" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Interventional Workspot Search vendor "Philips" for product "Interventional Workspot" | 1.4.3 Search vendor "Philips" for product "Interventional Workspot" and version "1.4.3" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Interventional Workspot Search vendor "Philips" for product "Interventional Workspot" | 1.4.5 Search vendor "Philips" for product "Interventional Workspot" and version "1.4.5" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Stentboost Live Search vendor "Philips" for product "Stentboost Live" | 1.0 Search vendor "Philips" for product "Stentboost Live" and version "1.0" | - |
Affected
| ||||||
| Philips Search vendor "Philips" | Viewforum Search vendor "Philips" for product "Viewforum" | 6.3v1l10 Search vendor "Philips" for product "Viewforum" and version "6.3v1l10" | - |
Affected
| ||||||