
3 vulnerabilities found for Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live by Philips

VAR-202101-0372

Vulnerability from variot - Updated: 2023-12-18 13:23

Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component. Multiple interventional workstation products provided by Philips contain an OS command injection (CWE-78) vulnerability. An attacker on an adjacent network could shut down or restart the workstation. Several Philips products contain a security vulnerability that could allow an attacker to modify system commands that the system is expected to execute.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202101-0372",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "interventional workspot",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "philips",
        "version": "1.4.0"
      },
      {
        "model": "interventional workspot",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "philips",
        "version": "1.4.5"
      },
      {
        "model": "interventional workspot",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "philips",
        "version": "1.4.3"
      },
      {
        "model": "interventional workspot",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "philips",
        "version": "1.4.1"
      },
      {
        "model": "interventional workspot",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "philips",
        "version": "1.3.2"
      },
      {
        "model": "coronary tools",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "philips",
        "version": "1.0"
      },
      {
        "model": "stentboost live",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "philips",
        "version": "1.0"
      },
      {
        "model": "dynamic coronary roadmap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "philips",
        "version": "1.0"
      },
      {
        "model": "viewforum",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "philips",
        "version": "6.3v1l10"
      },
      {
        "model": "coronary tools/dynamic coronary roadmap/stentboost live",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "philips",
        "version": "(release 1.0)"
      },
      {
        "model": "interventional workspot",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "philips",
        "version": "(release 1.3.2\u30011.4.0\u30011.4.1\u30011.4.3\u30011.4.5)"
      },
      {
        "model": "viewforum",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "philips",
        "version": "(release 6.3v1l10)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001009"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27298"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:philips:coronary_tools:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:philips:dynamic_coronary_roadmap:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:philips:interventional_workspot:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:philips:interventional_workspot:1.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:philips:interventional_workspot:1.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:philips:interventional_workspot:1.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:philips:interventional_workspot:1.4.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:philips:stentboost_live:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:philips:viewforum:6.3v1l10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-27298"
      }
    ]
  },
  "cve": "CVE-2020-27298",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "VHN-370818",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 3.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 6.5,
            "id": "CVE-2020-27298",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "LOW",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA score",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2021-001009",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-27298",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2021-001009",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-1616",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-370818",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-27298",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-370818"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27298"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001009"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1616"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component. Philips Multiple provided by the company Interventional Workstation To OS Command injection (CWE-78) Vulnerability exists.An attacker on an adjacent network could shut down or restart the workstation. Several Philips products contain a security vulnerability that could allow an attacker to modify system commands that the system is expected to execute",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-27298"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001009"
      },
      {
        "db": "VULHUB",
        "id": "VHN-370818"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27298"
      }
    ],
    "trust": 1.8
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-27298",
        "trust": 2.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-21-019-01",
        "trust": 2.6
      },
      {
        "db": "JVN",
        "id": "JVNVU99865781",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001009",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1616",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0229",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-370818",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27298",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-370818"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27298"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001009"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1616"
      }
    ]
  },
  "id": "VAR-202101-0372",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-370818"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:23:01.021000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Customer Service Solutions",
        "trust": 0.8,
        "url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
      },
      {
        "title": "Product Security",
        "trust": 0.8,
        "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
      },
      {
        "title": "Philips Various product security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=139868"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001009"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1616"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-370818"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001009"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27298"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27298"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu99865781"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27298"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0229/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/78.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195254"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-370818"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27298"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001009"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1616"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-370818"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-27298"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001009"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-27298"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1616"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-01-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-370818"
      },
      {
        "date": "2021-01-26T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-27298"
      },
      {
        "date": "2021-01-21T05:09:27",
        "db": "JVNDB",
        "id": "JVNDB-2021-001009"
      },
      {
        "date": "2021-01-26T18:15:45.990000",
        "db": "NVD",
        "id": "CVE-2020-27298"
      },
      {
        "date": "2021-01-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-1616"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-370818"
      },
      {
        "date": "2021-02-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-27298"
      },
      {
        "date": "2021-01-21T05:09:27",
        "db": "JVNDB",
        "id": "JVNDB-2021-001009"
      },
      {
        "date": "2021-02-02T19:03:37.457000",
        "db": "NVD",
        "id": "CVE-2020-27298"
      },
      {
        "date": "2021-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-1616"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote or local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1616"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Philips Made  Interventional Workstation To  OS Command injection vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-001009"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1616"
      }
    ],
    "trust": 0.6
  }
}

CVE-2020-27298 (GCVE-0-2020-27298)

Vulnerability from cvelistv5 – Published: 2021-01-20 19:27 – Updated: 2025-06-04 19:46
Summary
Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.
CWE
  • CWE-78 - OS Command Injection
Assigner
Impacted products
Vendor Product Version
Philips Interventional Workspot Affected: Release 1.3.2
Affected: Release 1.4.0
Affected: Release 1.4.1
Affected: Release 1.4.3
Affected: Release 1.4.5

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:11:36.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Interventional Workspot",
          "vendor": "Philips",
          "versions": [
            {
              "status": "affected",
              "version": "Release 1.3.2"
            },
            {
              "status": "affected",
              "version": "Release 1.4.0"
            },
            {
              "status": "affected",
              "version": "Release 1.4.1"
            },
            {
              "status": "affected",
              "version": "Release 1.4.3"
            },
            {
              "status": "affected",
              "version": "Release 1.4.5"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live",
          "vendor": "Philips",
          "versions": [
            {
              "status": "affected",
              "version": "Release 1.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ViewForum",
          "vendor": "Philips",
          "versions": [
            {
              "status": "affected",
              "version": "Release 6.3V1L10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePhilips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.\u003c/p\u003e"
            }
          ],
          "value": "Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-04T19:46:39.186Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-019-01"
        },
        {
          "url": "https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePhilips has released a software patch to proactively address this \nvulnerability in the installed base and will schedule service activities\n with impacted users to implement the correction. As a mitigation for \nthis vulnerability, users with expertise are advised to change the IPMI \npassword for the workstation interface.\u003c/p\u003e\n\u003cp\u003eUsers with questions regarding specific Philips Interventional \nWorkspot and/or installations and correction eligibility should contact a\n \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support team, regional service support\u003c/a\u003e\u003c/p\u003e\u003cp\u003e, or call 1-800-722-9377 with reference to field change order (FCO) number 2019-IGTBST-014.\u003c/p\u003e\n\u003cp\u003ePlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e\u003c/p\u003e for the Philips advisory and the latest security information for Philips products.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Philips has released a software patch to proactively address this \nvulnerability in the installed base and will schedule service activities\n with impacted users to implement the correction. As a mitigation for \nthis vulnerability, users with expertise are advised to change the IPMI \npassword for the workstation interface.\n\n\nUsers with questions regarding specific Philips Interventional \nWorkspot and/or installations and correction eligibility should contact a\n  Philips service support team, regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions \n\n, or call 1-800-722-9377 with reference to field change order (FCO) number 2019-IGTBST-014.\n\n\nPlease see the  Philips product security website https://www.philips.com/productsecurity \n\n for the Philips advisory and the latest security information for Philips products."
        }
      ],
      "source": {
        "advisory": "ICSMA-21-019-01",
        "discovery": "INTERNAL"
      },
      "title": "Philips Interventional Workstations OS Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-27298",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, ViewForum",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10)."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-27298",
    "datePublished": "2021-01-20T19:27:22",
    "dateReserved": "2020-10-19T00:00:00",
    "dateUpdated": "2025-06-04T19:46:39.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-27298 (GCVE-0-2020-27298)

Vulnerability from nvd – Published: 2021-01-20 19:27 – Updated: 2025-06-04 19:46
Summary
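Affected products: Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), and ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component, but does not neutralize, or incorrectly neutralizes, special elements that could modify the intended OS command when it is sent to a downstream component. The record below scores this CVSS 3.1 base 6.5 (Medium), vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H: reachable from an adjacent network with no privileges or user interaction required, and with impact rated on availability only.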
CWE
  • CWE-78 - OS Command Injection
Assigner: icscert
Impacted products
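Vendor | Product | Version
Philips | Interventional Workspot | Affected: Release 1.3.2, Release 1.4.0, Release 1.4.1, Release 1.4.3, Release 1.4.5
Philips | Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live | Affected: Release 1.0
Philips | ViewForum | Affected: Release 6.3V1L10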

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:11:36.582Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Interventional Workspot",
          "vendor": "Philips",
          "versions": [
            {
              "status": "affected",
              "version": "Release 1.3.2"
            },
            {
              "status": "affected",
              "version": "Release 1.4.0"
            },
            {
              "status": "affected",
              "version": "Release 1.4.1"
            },
            {
              "status": "affected",
              "version": "Release 1.4.3"
            },
            {
              "status": "affected",
              "version": "Release 1.4.5"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live",
          "vendor": "Philips",
          "versions": [
            {
              "status": "affected",
              "version": "Release 1.0"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "ViewForum",
          "vendor": "Philips",
          "versions": [
            {
              "status": "affected",
              "version": "Release 6.3V1L10"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePhilips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.\u003c/p\u003e"
            }
          ],
          "value": "Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-04T19:46:39.186Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-019-01"
        },
        {
          "url": "https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePhilips has released a software patch to proactively address this \nvulnerability in the installed base and will schedule service activities\n with impacted users to implement the correction. As a mitigation for \nthis vulnerability, users with expertise are advised to change the IPMI \npassword for the workstation interface.\u003c/p\u003e\n\u003cp\u003eUsers with questions regarding specific Philips Interventional \nWorkspot and/or installations and correction eligibility should contact a\n \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support team, regional service support\u003c/a\u003e\u003c/p\u003e\u003cp\u003e, or call 1-800-722-9377 with reference to field change order (FCO) number 2019-IGTBST-014.\u003c/p\u003e\n\u003cp\u003ePlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e\u003c/p\u003e for the Philips advisory and the latest security information for Philips products.\n\n\u003cbr\u003e"
            }
          ],
          "value": "Philips has released a software patch to proactively address this \nvulnerability in the installed base and will schedule service activities\n with impacted users to implement the correction. As a mitigation for \nthis vulnerability, users with expertise are advised to change the IPMI \npassword for the workstation interface.\n\n\nUsers with questions regarding specific Philips Interventional \nWorkspot and/or installations and correction eligibility should contact a\n  Philips service support team, regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions \n\n, or call 1-800-722-9377 with reference to field change order (FCO) number 2019-IGTBST-014.\n\n\nPlease see the  Philips product security website https://www.philips.com/productsecurity \n\n for the Philips advisory and the latest security information for Philips products."
        }
      ],
      "source": {
        "advisory": "ICSMA-21-019-01",
        "discovery": "INTERNAL"
      },
      "title": "Philips Interventional Workstations OS Command Injection",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-27298",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, ViewForum",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10)."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND (\u0027OS COMMAND INJECTION\u0027) CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01",
              "refsource": "MISC",
              "url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-27298",
    "datePublished": "2021-01-20T19:27:22",
    "dateReserved": "2020-10-19T00:00:00",
    "dateUpdated": "2025-06-04T19:46:39.186Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}