Vulnerabilities > Philips > Medium

DATE CVE VULNERABILITY TITLE RISK
2019-05-01 CVE-2019-6562 Cross-site Scripting vulnerability in Philips Tasy EMR 3.02.1744
In Philips Tasy EMR, Tasy EMR Versions 3.02.1744 and prior, the software incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
network
low complexity
philips CWE-79
5.4
2018-12-07 CVE-2018-19001 Inadequate Encryption Strength vulnerability in Philips Healthsuite Health
Philips HealthSuite Health Android App, all versions.
low complexity
philips CWE-326
4.3
2018-09-26 CVE-2018-8846 Cross-site Scripting vulnerability in Philips E-Alert Firmware 2.1/R2.1
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
low complexity
philips CWE-79
6.1
2018-09-26 CVE-2018-14803 Information Exposure vulnerability in Philips E-Alert Firmware 2.1/R2.1
Philips e-Alert Unit (non-medical device), Version R2.1 and prior.
network
low complexity
philips CWE-200
5.3
2018-08-22 CVE-2018-14801 Use of Hard-coded Credentials vulnerability in Philips products
In Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs, all versions prior to May 2018, an attacker with both the superuser password and physical access can enter the superuser password that can be used to access and modify all settings on the device, as well as allow the user to reset existing passwords.
low complexity
philips CWE-798
6.2
2018-08-22 CVE-2018-14789 Unquoted Search Path or Element vulnerability in Philips Intellispace Cardiovascular and Xcelera
In Philips' IntelliSpace Cardiovascular (ISCV) products (ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior), an unquoted search path or element vulnerability has been identified, which may allow an attacker to execute arbitrary code and escalate their level of privileges.
local
low complexity
philips CWE-428
6.7
2018-06-05 CVE-2018-10599 Information Exposure vulnerability in Philips products
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet.
high complexity
philips CWE-200
5.3
2018-04-30 CVE-2017-9658 Improper Handling of Exceptional Conditions vulnerability in Philips Intellivue Mx40 Firmware
Certain 802.11 network management messages have been determined to invoke wireless access point blacklisting security defenses when not required, which can necessitate intervention by hospital staff to reset the device and reestablish a network connection to the Wi-Fi access point.
low complexity
philips CWE-755
6.5
2018-04-30 CVE-2017-9657 Improper Handling of Exceptional Conditions vulnerability in Philips Intellivue Mx40 Firmware
Under specific 802.11 network conditions, a partial re-association of the Philips IntelliVue MX40 Version B.06.18 WLAN monitor to the central monitoring station is possible.
low complexity
philips CWE-755
6.5
2018-03-20 CVE-2018-5438 Insufficient Session Expiration vulnerability in Philips Intellispace Cardiovascular 2.3.0
Philips ISCV application prior to version 2.3.0 has an insufficient session expiration vulnerability where an attacker could reuse the session of a previously logged in user.
local
high complexity
philips CWE-613
6.3