Vulnerabilities > Philips > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-11 | CVE-2020-16228 | Improper Check for Certificate Revocation vulnerability in Philips products In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate. | 6.4 |
| 2020-09-11 | CVE-2020-16214 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Philips Patient Information Center IX B.02/C.02/C.03 In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. | 5.0 |
| 2020-08-31 | CVE-2020-11617 | Improper Certificate Validation vulnerability in multiple products The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. | 5.9 |
| 2020-08-21 | CVE-2020-16239 | Improper Authentication vulnerability in Philips Suresigns VS4 Firmware A.07.107 Philips SureSigns VS4, A.07.107 and prior. | 4.9 |
| 2020-08-21 | CVE-2020-14518 | Information Exposure Through Log Files vulnerability in Philips Dreammapper Philips DreamMapper, Version 2.24 and prior. | 5.3 |
| 2020-06-26 | CVE-2020-14477 | Improper Authentication vulnerability in Philips products In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information. | 4.4 |
| 2020-06-11 | CVE-2020-12023 | Information Exposure Through Log Files vulnerability in Philips Intellibridge Enterprise B.12 Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). | 4.5 |
| 2019-12-20 | CVE-2019-18263 | Inadequate Encryption Strength vulnerability in Philips products An issue was found in Philips Veradius Unity, Pulsera, and Endura Dual WAN Router, Veradius Unity (718132) with wireless option (shipped between 2016-August 2018), Veradius Unity (718132) with ViewForum option (shipped between 2016-August 2018), Pulsera (718095) and Endura (718075) with wireless option (shipped between 26-June-2017 through 07-August 2018), Pulsera (718095) and Endura (718075) with ViewForum option (shipped between 26-June-2017 through 07-August 2018). | 6.5 |
| 2019-11-26 | CVE-2019-18241 | Inadequate Encryption Strength vulnerability in Philips products In Philips IntelliBridge EC40 and EC80, IntelliBridge EC40 Hub all versions, and IntelliBridge EC80 Hub all versions, the SSH server running on the affected products is configured to allow weak ciphers. | 6.5 |
| 2019-11-08 | CVE-2019-13557 | Information Exposure vulnerability in Philips Tasy EMR and Tasy Webportal In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. | 5.3 |