Vulnerabilities > Philips > High

DATE CVE VULNERABILITY TITLE RISK
2024-07-18 CVE-2023-40223 Unspecified vulnerability in Philips VUE Pacs 12.2.8.0
Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor.
network
low complexity
philips
8.8
2023-11-09 CVE-2018-8863 Unspecified vulnerability in Philips Encoreanywhere 2.36.3.3
The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.
network
low complexity
philips
7.5
2022-05-25 CVE-2021-32966 Unspecified vulnerability in Philips Interoperability Solution XDS
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
network
low complexity
philips
7.5
2022-04-01 CVE-2021-33018 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Philips products
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.
network
low complexity
philips CWE-327
7.5
2022-04-01 CVE-2021-33020 Operation on a Resource after Expiration or Release vulnerability in Philips products
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
network
low complexity
philips CWE-672
7.5
2022-04-01 CVE-2021-33022 Cleartext Transmission of Sensitive Information vulnerability in Philips products
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
network
low complexity
philips CWE-319
7.5
2022-04-01 CVE-2021-33024 Insufficiently Protected Credentials vulnerability in Philips products
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.
network
low complexity
philips CWE-522
7.5
2021-12-27 CVE-2021-32993 Unspecified vulnerability in Philips products
IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
low complexity
philips
8.8
2021-12-27 CVE-2021-33017 Unspecified vulnerability in Philips products
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication.
low complexity
philips
8.8
2021-08-24 CVE-2021-39375 SQL Injection vulnerability in Philips Tasy Electronic Medical Record 3.06
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter.
network
low complexity
philips CWE-89
8.8