Vulnerabilities > Philips > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-18 | CVE-2023-40223 | Unspecified vulnerability in Philips VUE Pacs 12.2.8.0 Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor. | 8.8 |
| 2023-11-09 | CVE-2018-8863 | Unspecified vulnerability in Philips Encoreanywhere 2.36.3.3 The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information. | 7.5 |
| 2022-05-25 | CVE-2021-32966 | Cleartext Transmission of Sensitive Information vulnerability in Philips Interoperability Solution XDS Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. | 7.5 |
| 2022-04-01 | CVE-2021-33018 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Philips products The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information. | 7.5 |
| 2022-04-01 | CVE-2021-33020 | Operation on a Resource after Expiration or Release vulnerability in Philips products Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. | 7.5 |
| 2022-04-01 | CVE-2021-33022 | Cleartext Transmission of Sensitive Information vulnerability in Philips products Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | 7.5 |
| 2022-04-01 | CVE-2021-33024 | Insufficiently Protected Credentials vulnerability in Philips products Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. | 7.5 |
| 2021-12-27 | CVE-2021-32993 | Use of Hard-coded Credentials vulnerability in Philips products IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 8.8 |
| 2021-12-27 | CVE-2021-33017 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Philips products The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires authentication, but the product has an alternate path or channel that does not require authentication. | 8.8 |
| 2021-08-24 | CVE-2021-39375 | SQL Injection vulnerability in Philips Tasy Electronic Medical Record 3.06 Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. | 8.8 |