Vulnerabilities > Philips > High

DATE CVE VULNERABILITY TITLE RISK
2017-11-17 CVE-2017-14111 Insufficiently Protected Credentials vulnerability in Philips Intellispace Cardiovascular and Xcelera
The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.
network
low complexity
philips CWE-522
7.2
7.2
2017-10-01 CVE-2017-14797 Inadequate Encryption Strength vulnerability in Philips HUE Bridge Bsb002 Firmware 1707040932
Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by leveraging the ability to sniff HTTP traffic on the local intranet network.
high complexity
philips CWE-326
7.5
7.5
2017-04-12 CVE-2017-0199 Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
local
low complexity
microsoft philips
7.8
7.8
2017-04-10 CVE-2015-2884 Information Exposure vulnerability in Philips In.Sight B12037
Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi.
network
low complexity
philips CWE-200
7.5
7.5
2017-03-17 CVE-2017-0143 The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
network
low complexity
microsoft philips siemens
8.8
8.8