Vulnerabilities > Philips > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-25 | CVE-2019-13546 | Exposure of Resource to Wrong Sphere vulnerability in Philips Intellispace Perinatal K In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. | 6.8 |
| 2019-07-24 | CVE-2019-10968 | Unspecified vulnerability in Philips Zymed Holter 2010 Philips Holter 2010 Plus, all versions. | 4.4 |
| 2019-05-01 | CVE-2019-6562 | Cross-site Scripting vulnerability in Philips Tasy EMR 3.02.1744 In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. | 5.4 |
| 2018-12-07 | CVE-2018-19001 | Inadequate Encryption Strength vulnerability in Philips Healthsuite Health Philips HealthSuite Health Android App, all versions. | 4.3 |
| 2018-09-26 | CVE-2018-8846 | Cross-site Scripting vulnerability in Philips E-Alert Firmware 2.1/R2.1 Philips e-Alert Unit (non-medical device), Version R2.1 and prior. | 6.1 |
| 2018-09-26 | CVE-2018-14803 | Information Exposure vulnerability in Philips E-Alert Firmware 2.1/R2.1 Philips e-Alert Unit (non-medical device), Version R2.1 and prior. | 5.3 |
| 2018-08-22 | CVE-2018-14801 | Use of Hard-coded Credentials vulnerability in Philips products In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. | 6.2 |
| 2018-08-22 | CVE-2018-14789 | Unquoted Search Path or Element vulnerability in Philips Intellispace Cardiovascular and Xcelera In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. | 6.7 |
| 2018-06-05 | CVE-2018-10599 | Information Exposure vulnerability in Philips products IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet. | 5.3 |
| 2018-04-30 | CVE-2017-9658 | Improper Handling of Exceptional Conditions vulnerability in Philips Intellivue Mx40 Firmware Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. | 6.5 |