Vulnerabilities > Philips

DATE CVE VULNERABILITY TITLE RISK
2018-09-26 CVE-2018-8854 Resource Exhaustion vulnerability in Philips E-Alert Firmware
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
low complexity
philips CWE-400
5.0
5.0
2018-09-26 CVE-2018-8852 Session Fixation vulnerability in Philips E-Alert Firmware
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
philips CWE-384
6.8
6.8
2018-09-26 CVE-2018-8850 Improper Input Validation vulnerability in Philips E-Alert Firmware
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
low complexity
philips CWE-20
7.5
7.5
2018-09-26 CVE-2018-8848 Incorrect Default Permissions vulnerability in Philips E-Alert Firmware
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
low complexity
philips CWE-276
5.0
5.0
2018-09-26 CVE-2018-8846 Cross-site Scripting vulnerability in Philips E-Alert Firmware
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
philips CWE-79
4.3
4.3
2018-09-26 CVE-2018-8844 Cross-Site Request Forgery (CSRF) vulnerability in Philips E-Alert Firmware
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
philips CWE-352
6.8
6.8
2018-09-26 CVE-2018-8842 Cleartext Transmission of Sensitive Information vulnerability in Philips E-Alert Firmware
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
low complexity
philips CWE-319
3.3
3.3
2018-09-26 CVE-2018-14803 Information Exposure vulnerability in Philips E-Alert Firmware
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
low complexity
philips CWE-200
5.0
5.0
2018-08-22 CVE-2018-14801 Use of Hard-coded Credentials vulnerability in Philips products
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.
local
low complexity
philips CWE-798
7.2
7.2
2018-08-22 CVE-2018-14799 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Philips products
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, the PageWriter device does not sanitize data entered by user.
local
low complexity
philips CWE-119
4.6
4.6