Vulnerabilities > Philips > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-19 | CVE-2021-26262 | Unspecified vulnerability in Philips MRI 1.5T Firmware and MRI 3T Firmware Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | 5.0 |
| 2021-08-24 | CVE-2021-39375 | SQL Injection vulnerability in Philips Tasy Electronic Medical Record 3.06 Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. | 6.5 |
| 2021-08-24 | CVE-2021-39376 | SQL Injection vulnerability in Philips Tasy Electronic Medical Record 3.06 Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter. | 6.5 |
| 2020-12-21 | CVE-2018-7580 | Resource Exhaustion vulnerability in Philips HUE Firmware Philips Hue is vulnerable to a Denial of Service attack. | 5.0 |
| 2020-09-18 | CVE-2020-16198 | Protection Mechanism Failure vulnerability in Philips Clinical Collaboration Platform 12.2.1 Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. | 5.8 |
| 2020-09-18 | CVE-2020-14506 | Cross-Site Request Forgery (CSRF) vulnerability in Philips Clinical Collaboration Platform 12.2.1 Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. | 4.3 |
| 2020-09-11 | CVE-2020-16224 | Improper Handling of Length Parameter Inconsistency vulnerability in Philips Patient Information Center IX C.02/C.03 In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart. | 6.5 |
| 2020-09-11 | CVE-2020-16220 | Improper Validation of Syntactic Correctness of Input vulnerability in Philips products In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. | 4.3 |
| 2020-09-11 | CVE-2020-16216 | Improper Input Validation vulnerability in Philips products In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart. | 6.5 |
| 2020-09-11 | CVE-2020-16212 | Exposure of Resource to Wrong Sphere vulnerability in Philips Patient Information Center IX B.02/C.02/C.03 In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | 6.8 |