Vulnerabilities > Philips > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-24 | CVE-2021-39376 | SQL Injection vulnerability in Philips Tasy Electronic Medical Record 3.06 Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter. | 8.8 |
| 2020-12-21 | CVE-2018-7580 | Resource Exhaustion vulnerability in Philips HUE Firmware Philips Hue is vulnerable to a Denial of Service attack. | 7.5 |
| 2020-09-18 | CVE-2020-16247 | Exposure of Resource to Wrong Sphere vulnerability in Philips Clinical Collaboration Platform 12.2.1 Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. | 7.1 |
| 2020-09-11 | CVE-2020-16222 | Improper Authentication vulnerability in Philips products In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct. | 8.8 |
| 2020-08-31 | CVE-2020-11618 | THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes have their TELNET service hardcoded to start on boot, which allows an attacker on the local network to achieve root access via the TELNET protocol. | 7.8 |
| 2020-08-13 | CVE-2020-7360 | Uncontrolled Search Path Element vulnerability in Philips Smartcontrol 4.3.15 An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. | 7.3 |
| 2020-01-23 | CVE-2020-6007 | Out-of-bounds Write vulnerability in Philips HUE Bridge V2 Firmware Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution. | 7.9 |
| 2019-11-14 | CVE-2019-18980 | Missing Encryption of Sensitive Data vulnerability in Philips Taolight Smart Wi-Fi WIZ Connected LED Bulb 9290022656 Firmware On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9290022656 devices, an unprotected API lets remote users control the bulb's operation. | 7.5 |
| 2019-09-12 | CVE-2019-13534 | Download of Code Without Integrity Check vulnerability in Philips products Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). | 7.2 |
| 2019-09-12 | CVE-2019-13530 | Use of Hard-coded Credentials vulnerability in Philips products Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part #: M8096-67501, WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C) and WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C). | 7.2 |