Vulnerabilities > Philips > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-22 | CVE-2018-14801 | Use of Hard-coded Credentials vulnerability in Philips products In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. | 7.2 |
| 2018-07-24 | CVE-2017-3210 | Configuration vulnerability in multiple products Applications developed using the Portrait Display SDK, versions 2.30 through 2.34, default to insecure configurations which allow arbitrary code execution. | 7.2 |
| 2018-05-04 | CVE-2018-8857 | Use of Hard-coded Credentials vulnerability in Philips products Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brilliance CT Big Bore 2.3.5 and prior) contains fixed credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.2 |
| 2018-05-04 | CVE-2018-8853 | Improper Privilege Management vulnerability in Philips products Philips Brilliance CT devices operate user functions from within a contained kiosk in a Microsoft Windows operating system. | 7.2 |
| 2018-03-28 | CVE-2018-5451 | Improper Authentication vulnerability in Philips Alice 6 Firmware In Philips Alice 6 System version R8.0.2 or prior, when an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. | 7.5 |
| 2018-03-26 | CVE-2018-5474 | Improper Input Validation vulnerability in Philips Intellispace Portal 8.0/9.0 Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash. | 7.5 |
| 2018-03-26 | CVE-2018-5472 | Unspecified vulnerability in Philips Intellispace Portal 8.0/9.0 Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code. | 7.5 |
| 2018-03-26 | CVE-2018-5470 | Untrusted Search Path vulnerability in Philips Intellispace Portal 8.0/9.0 Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges. | 7.2 |
| 2018-03-26 | CVE-2018-5468 | Unspecified vulnerability in Philips Intellispace Portal 8.0/9.0 Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code | 7.5 |
| 2017-10-01 | CVE-2017-14797 | Inadequate Encryption Strength vulnerability in Philips HUE Bridge Bsb002 Firmware 1707040932 Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network. | 7.9 |