Vulnerabilities > Philips > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-05-01 | CVE-2019-6562 | Cross-site Scripting vulnerability in Philips Tasy EMR 3.02.1744 In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. | 5.4 |
| 2018-12-07 | CVE-2018-19001 | Inadequate Encryption Strength vulnerability in Philips Healthsuite Health Philips HealthSuite Health Android App, all versions. | 4.3 |
| 2018-09-26 | CVE-2018-8846 | Cross-site Scripting vulnerability in Philips E-Alert Firmware 2.1/R2.1 Philips e-Alert Unit (non-medical device), Version R2.1 and prior. | 6.1 |
| 2018-09-26 | CVE-2018-14803 | Information Exposure vulnerability in Philips E-Alert Firmware 2.1/R2.1 Philips e-Alert Unit (non-medical device), Version R2.1 and prior. | 5.3 |
| 2018-08-22 | CVE-2018-14801 | Use of Hard-coded Credentials vulnerability in Philips products In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords. | 6.2 |
| 2018-08-22 | CVE-2018-14789 | Unquoted Search Path or Element vulnerability in Philips Intellispace Cardiovascular and Xcelera In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges. | 6.7 |
| 2018-06-05 | CVE-2018-10599 | Information Exposure vulnerability in Philips products IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet. | 5.3 |
| 2018-04-30 | CVE-2017-9658 | Improper Handling of Exceptional Conditions vulnerability in Philips Intellivue Mx40 Firmware Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point. | 6.5 |
| 2018-04-30 | CVE-2017-9657 | Improper Handling of Exceptional Conditions vulnerability in Philips Intellivue Mx40 Firmware Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible. | 6.5 |
| 2018-03-20 | CVE-2018-5438 | Insufficient Session Expiration vulnerability in Philips Intellispace Cardiovascular 2.3.0 Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user. | 6.3 |