Search criteria
6 vulnerabilities found for DoseWise Portal by Philips
VAR-201804-0779
Vulnerability from variot - Updated: 2023-12-18 12:02The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. Philips DoseWise Portal The application contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips' DoseWise Portal is a web-based reporting and radiation exposure tracking tool. There is a hard-coded vulnerability in Philips' DoseWise Portal. Attackers can exploit this issue to obtain sensitive information or bypass the authentication mechanism and gain unauthorized access to the device. DoseWise Portal 1.1.7.333 and 2.1.1.3069 are vulnerable. The platform is used to record, track and analyze radiation exposure to patients and physicians
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0779",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dosewise",
"scope": "eq",
"trust": 2.4,
"vendor": "philips",
"version": "1.1.7.333"
},
{
"model": "dosewise",
"scope": "eq",
"trust": 2.4,
"vendor": "philips",
"version": "2.1.1.3069"
},
{
"model": "dosewise portal",
"scope": "gte",
"trust": 0.6,
"vendor": "philips",
"version": "1.1.7.333,\u003c=2.1.1.3069"
},
{
"model": "dosewise portal",
"scope": "eq",
"trust": 0.3,
"vendor": "philips",
"version": "2.1.1.3069"
},
{
"model": "dosewise portal",
"scope": "eq",
"trust": 0.3,
"vendor": "philips",
"version": "1.1.7.333"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dosewise",
"version": "1.1.7.333"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dosewise",
"version": "2.1.1.3069"
}
],
"sources": [
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:dosewise:2.1.1.3069:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:dosewise:1.1.7.333:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "100471"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9656",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22813",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-117859",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9656",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9656",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-22813",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-581",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-117859",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "VULHUB",
"id": "VHN-117859"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. Philips DoseWise Portal The application contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips\u0027 DoseWise Portal is a web-based reporting and radiation exposure tracking tool. There is a hard-coded vulnerability in Philips\u0027 DoseWise Portal. \nAttackers can exploit this issue to obtain sensitive information or bypass the authentication mechanism and gain unauthorized access to the device. \nDoseWise Portal 1.1.7.333 and 2.1.1.3069 are vulnerable. The platform is used to record, track and analyze radiation exposure to patients and physicians",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "VULHUB",
"id": "VHN-117859"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9656",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-17-229-01",
"trust": 3.4
},
{
"db": "BID",
"id": "100471",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22813",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354",
"trust": 0.8
},
{
"db": "IVD",
"id": "2EBF3D19-4F4D-4628-AA8B-BDCE15496770",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-117859",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "VULHUB",
"id": "VHN-117859"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"id": "VAR-201804-0779",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "VULHUB",
"id": "VHN-117859"
}
],
"trust": 1.7333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
}
]
},
"last_update_date": "2023-12-18T12:02:23.368000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Philips DoseWise Portal Vulnerabilities (17-AUG-2017)",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"title": "Patch for the Philips\u0027 DoseWise Portal hardcoded vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100831"
},
{
"title": "Philips DoseWise Portal Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99848"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117859"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "NVD",
"id": "CVE-2017-9656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-229-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/100471"
},
{
"trust": 1.7,
"url": "http://www.philips.com/productsecurity"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9656"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9656"
},
{
"trust": 0.3,
"url": "http://www.usa.philips.com/"
},
{
"trust": 0.3,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "VULHUB",
"id": "VHN-117859"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "VULHUB",
"id": "VHN-117859"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"date": "2018-04-24T00:00:00",
"db": "VULHUB",
"id": "VHN-117859"
},
{
"date": "2017-08-17T00:00:00",
"db": "BID",
"id": "100471"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"date": "2018-04-24T15:29:00.867000",
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-117859"
},
{
"date": "2017-08-17T00:00:00",
"db": "BID",
"id": "100471"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"date": "2019-10-09T23:30:46.940000",
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips DoseWise Portal Vulnerabilities related to the use of hard-coded credentials in applications",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
],
"trust": 0.6
}
}
VAR-201804-0778
Vulnerability from variot - Updated: 2023-12-18 12:02The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Philips DoseWise Portal of Web The base application contains a vulnerability related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips' DoseWise Portal is a web-based reporting and radiation exposure tracking tool. A plaintext storage vulnerability exists in Philips' DoseWise Portal. Attackers can exploit this issue to obtain sensitive information or bypass the authentication mechanism and gain unauthorized access to the device. DoseWise Portal 1.1.7.333 and 2.1.1.3069 are vulnerable. The platform is used to record, track and analyze radiation exposure to patients and physicians. A remote attacker could exploit this vulnerability to gain access to the DWP application database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dosewise",
"scope": "eq",
"trust": 2.4,
"vendor": "philips",
"version": "1.1.7.333"
},
{
"model": "dosewise",
"scope": "eq",
"trust": 2.4,
"vendor": "philips",
"version": "2.1.1.3069"
},
{
"model": "dosewise portal",
"scope": "gte",
"trust": 0.6,
"vendor": "philips",
"version": "1.1.7.333,\u003c=2.1.1.3069"
},
{
"model": "dosewise portal",
"scope": "eq",
"trust": 0.3,
"vendor": "philips",
"version": "2.1.1.3069"
},
{
"model": "dosewise portal",
"scope": "eq",
"trust": 0.3,
"vendor": "philips",
"version": "1.1.7.333"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dosewise",
"version": "1.1.7.333"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dosewise",
"version": "2.1.1.3069"
}
],
"sources": [
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:dosewise:1.1.7.333:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:dosewise:2.1.1.3069:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9654"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "100471"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9654",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9654",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22812",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "b5d3f202-7804-4a30-a776-5059328187da",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-117857",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9654",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9654",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-22812",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-583",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-117857",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-9654",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "VULHUB",
"id": "VHN-117857"
},
{
"db": "VULMON",
"id": "CVE-2017-9654"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Philips DoseWise Portal of Web The base application contains a vulnerability related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips\u0027 DoseWise Portal is a web-based reporting and radiation exposure tracking tool. A plaintext storage vulnerability exists in Philips\u0027 DoseWise Portal. \nAttackers can exploit this issue to obtain sensitive information or bypass the authentication mechanism and gain unauthorized access to the device. \nDoseWise Portal 1.1.7.333 and 2.1.1.3069 are vulnerable. The platform is used to record, track and analyze radiation exposure to patients and physicians. A remote attacker could exploit this vulnerability to gain access to the DWP application database",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "VULHUB",
"id": "VHN-117857"
},
{
"db": "VULMON",
"id": "CVE-2017-9654"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9654",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSMA-17-229-01",
"trust": 3.5
},
{
"db": "BID",
"id": "100471",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22812",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353",
"trust": 0.8
},
{
"db": "IVD",
"id": "B5D3F202-7804-4A30-A776-5059328187DA",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-117857",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-9654",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "VULHUB",
"id": "VHN-117857"
},
{
"db": "VULMON",
"id": "CVE-2017-9654"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"id": "VAR-201804-0778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "VULHUB",
"id": "VHN-117857"
}
],
"trust": 1.7333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
}
]
},
"last_update_date": "2023-12-18T12:02:23.405000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Philips DoseWise Portal Vulnerabilities (17-AUG-2017)",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"title": "Patch for Philips\u0027 DoseWise Portal Clear Text Storage Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100830"
},
{
"title": "Philips DoseWise Portal Repair measures for trust management vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99849"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117857"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "NVD",
"id": "CVE-2017-9654"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-229-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/100471"
},
{
"trust": 1.8,
"url": "http://www.philips.com/productsecurity"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9654"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9654"
},
{
"trust": 0.3,
"url": "http://www.usa.philips.com/"
},
{
"trust": 0.3,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "VULHUB",
"id": "VHN-117857"
},
{
"db": "VULMON",
"id": "CVE-2017-9654"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "VULHUB",
"id": "VHN-117857"
},
{
"db": "VULMON",
"id": "CVE-2017-9654"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"date": "2018-04-24T00:00:00",
"db": "VULHUB",
"id": "VHN-117857"
},
{
"date": "2018-04-24T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9654"
},
{
"date": "2017-08-17T00:00:00",
"db": "BID",
"id": "100471"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"date": "2018-04-24T15:29:00.777000",
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-117857"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9654"
},
{
"date": "2017-08-17T00:00:00",
"db": "BID",
"id": "100471"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"date": "2019-10-09T23:30:46.753000",
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips DoseWise Portal of Web Vulnerability related to certificate / password management in base application",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
],
"trust": 0.6
}
}
CVE-2017-9656 (GCVE-0-2017-9656)
Vulnerability from cvelistv5 – Published: 2018-04-24 15:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
Severity ?
No CVSS data available.
CWE
- CWE-798 - Use of hard-coded credentials CWE-798
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | DoseWise Portal |
Affected:
1.1.7.333
Affected: 2.1.1.3069 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.philips.com/productsecurity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DoseWise Portal",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "1.1.7.333"
},
{
"status": "affected",
"version": "2.1.1.3069"
}
]
}
],
"datePublic": "2017-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Use of hard-coded credentials CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.philips.com/productsecurity"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-17T00:00:00",
"ID": "CVE-2017-9656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DoseWise Portal",
"version": {
"version_data": [
{
"version_value": "1.1.7.333"
},
{
"version_value": "2.1.1.3069"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of hard-coded credentials CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100471"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"name": "http://www.philips.com/productsecurity",
"refsource": "CONFIRM",
"url": "http://www.philips.com/productsecurity"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9656",
"datePublished": "2018-04-24T15:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T00:06:52.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9654 (GCVE-0-2017-9654)
Vulnerability from cvelistv5 – Published: 2018-04-24 15:00 – Updated: 2024-09-17 03:43
VLAI?
Summary
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Severity ?
No CVSS data available.
CWE
- CWE-312 - Cleartext storage of sensitive information CWE-312
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | DoseWise Portal |
Affected:
1.1.7.333
Affected: 2.1.1.3069 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:00.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.philips.com/productsecurity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DoseWise Portal",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "1.1.7.333"
},
{
"status": "affected",
"version": "2.1.1.3069"
}
]
}
],
"datePublic": "2017-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext storage of sensitive information CWE-312",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.philips.com/productsecurity"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-17T00:00:00",
"ID": "CVE-2017-9654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DoseWise Portal",
"version": {
"version_data": [
{
"version_value": "1.1.7.333"
},
{
"version_value": "2.1.1.3069"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext storage of sensitive information CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100471"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"name": "http://www.philips.com/productsecurity",
"refsource": "CONFIRM",
"url": "http://www.philips.com/productsecurity"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9654",
"datePublished": "2018-04-24T15:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T03:43:28.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9656 (GCVE-0-2017-9656)
Vulnerability from nvd – Published: 2018-04-24 15:00 – Updated: 2024-09-17 00:06
VLAI?
Summary
The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
Severity ?
No CVSS data available.
CWE
- CWE-798 - Use of hard-coded credentials CWE-798
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | DoseWise Portal |
Affected:
1.1.7.333
Affected: 2.1.1.3069 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.philips.com/productsecurity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DoseWise Portal",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "1.1.7.333"
},
{
"status": "affected",
"version": "2.1.1.3069"
}
]
}
],
"datePublic": "2017-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Use of hard-coded credentials CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.philips.com/productsecurity"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-17T00:00:00",
"ID": "CVE-2017-9656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DoseWise Portal",
"version": {
"version_data": [
{
"version_value": "1.1.7.333"
},
{
"version_value": "2.1.1.3069"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of hard-coded credentials CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100471"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"name": "http://www.philips.com/productsecurity",
"refsource": "CONFIRM",
"url": "http://www.philips.com/productsecurity"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9656",
"datePublished": "2018-04-24T15:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T00:06:52.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9654 (GCVE-0-2017-9654)
Vulnerability from nvd – Published: 2018-04-24 15:00 – Updated: 2024-09-17 03:43
VLAI?
Summary
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Severity ?
No CVSS data available.
CWE
- CWE-312 - Cleartext storage of sensitive information CWE-312
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | DoseWise Portal |
Affected:
1.1.7.333
Affected: 2.1.1.3069 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:00.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.philips.com/productsecurity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DoseWise Portal",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "1.1.7.333"
},
{
"status": "affected",
"version": "2.1.1.3069"
}
]
}
],
"datePublic": "2017-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext storage of sensitive information CWE-312",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.philips.com/productsecurity"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-17T00:00:00",
"ID": "CVE-2017-9654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DoseWise Portal",
"version": {
"version_data": [
{
"version_value": "1.1.7.333"
},
{
"version_value": "2.1.1.3069"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext storage of sensitive information CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100471"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"name": "http://www.philips.com/productsecurity",
"refsource": "CONFIRM",
"url": "http://www.philips.com/productsecurity"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9654",
"datePublished": "2018-04-24T15:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T03:43:28.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}