Search criteria
4 vulnerabilities found for DreamMapper by Philips
VAR-202008-0156
Vulnerability from variot - Updated: 2023-12-18 12:16Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. Philips Provided by the company DreamMapper Is a mobile application to help treat sleep apnea. It is not an application that provides treatment or diagnosis directly to the patient, so it does not affect patient safety. Philips DreamMapper is a sleep therapy equipment management program of Philips in Europe
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202008-0156",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dreammapper",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "2.24"
},
{
"model": "dreammapper",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "version 2.24"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"db": "NVD",
"id": "CVE-2020-14518"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:dreammapper:*:*:*:*:*:iphone_os:*:*",
"cpe_name": [],
"versionEndIncluding": "2.24",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:dreammapper:*:*:*:*:*:android:*:*",
"cpe_name": [],
"versionEndIncluding": "2.24",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14518"
}
]
},
"cve": "CVE-2020-14518",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-167404",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA score",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2020-007131",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-14518",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2020-007131",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202007-1789",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-167404",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167404"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker. Philips Provided by the company DreamMapper Is a mobile application to help treat sleep apnea. It is not an application that provides treatment or diagnosis directly to the patient, so it does not affect patient safety. Philips DreamMapper is a sleep therapy equipment management program of Philips in Europe",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"db": "VULHUB",
"id": "VHN-167404"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSMA-20-212-01",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2020-14518",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVNVU90407983",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007131",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1789",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2020.2625",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-167404",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167404"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
]
},
"id": "VAR-202008-0156",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-167404"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:16:53.913000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Philips DreamMapper (30 July 2020)",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-532",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167404"
},
{
"db": "NVD",
"id": "CVE-2020-14518"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-14518"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu90407983"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2020.2625/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14518"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-167404"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-167404"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-21T00:00:00",
"db": "VULHUB",
"id": "VHN-167404"
},
{
"date": "2020-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"date": "2020-08-21T13:15:13.443000",
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"date": "2020-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-27T00:00:00",
"db": "VULHUB",
"id": "VHN-167404"
},
{
"date": "2020-08-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-007131"
},
{
"date": "2020-08-27T15:32:05.937000",
"db": "NVD",
"id": "CVE-2020-14518"
},
{
"date": "2020-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Made DreamMapper Vulnerability of information leakage from log files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-007131"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "log information leak",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202007-1789"
}
],
"trust": 0.6
}
}
FKIE_CVE-2020-14518
Vulnerability from fkie_nvd - Published: 2020-08-21 13:15 - Updated: 2025-06-04 22:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01 | Third Party Advisory, US Government Resource |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| philips | dreammapper | * | |
| philips | dreammapper | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:dreammapper:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "1103BC77-0960-4F35-A2F6-F02E44B970BB",
"versionEndIncluding": "2.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:dreammapper:*:*:*:*:*:android:*:*",
"matchCriteriaId": "CA3EE58D-B635-45D5-AAEC-B071359FC55C",
"versionEndIncluding": "2.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker."
},
{
"lang": "es",
"value": "Philips DreamMapper, versiones 2.24 y anteriores. Una informaci\u00f3n escrita en los archivos de registro puede brindar orientaci\u00f3n a un posible atacante."
}
],
"id": "CVE-2020-14518",
"lastModified": "2025-06-04T22:15:23.157",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-08-21T13:15:13.443",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-14518 (GCVE-0-2020-14518)
Vulnerability from cvelistv5 – Published: 2020-08-21 12:10 – Updated: 2025-06-04 21:49
VLAI?
Summary
Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | DreamMapper |
Affected:
0 , < Version 2.24
(custom)
|
Credits
Lutz Weimann, Tim Hirschberg, Issam Hbib, and Florian Mommertz of SRC Security Research & Consulting GmbH reported this vulnerability to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project eCare – Digitization in care reported this to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DreamMapper",
"vendor": "Philips",
"versions": [
{
"lessThan": "Version 2.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lutz Weimann, Tim Hirschberg, Issam Hbib, and Florian Mommertz of SRC Security Research \u0026 Consulting GmbH reported this vulnerability to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project eCare \u2013 Digitization in care reported this to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.\u003c/p\u003e"
}
],
"value": "Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:49:30.879Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips plans a new release for the DreamMapper app by June 30, 2021, that remediates this vulnerability.\u003c/p\u003e\u003cp\u003eUsers with questions regarding their specific Philips DreamMapper installations should contact a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support team or regional service support\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThe Philips advisory is available at the following URL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ehttp://www.philips.com/productsecurity\u003c/a\u003e\u003c/p\u003ePlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the latest security information for Philips products."
}
],
"value": "Philips plans a new release for the DreamMapper app by June 30, 2021, that remediates this vulnerability.\n\nUsers with questions regarding their specific Philips DreamMapper installations should contact a Philips service support team or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions .\n\n\nThe Philips advisory is available at the following URL: http://www.philips.com/productsecurity \n\nPlease see the Philips product security website https://www.philips.com/productsecurity for the latest security information for Philips products."
}
],
"source": {
"advisory": "ICSMA-20-212-01",
"discovery": "EXTERNAL"
},
"title": "Philips DreamMapper Insertion of Sensitive Information into Log File",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips DreamMapper",
"version": {
"version_data": [
{
"version_value": "Version 2.24 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INSERTION OF SENSITIVE INFORMATION INTO LOG FILE CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14518",
"datePublished": "2020-08-21T12:10:50",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2025-06-04T21:49:30.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14518 (GCVE-0-2020-14518)
Vulnerability from nvd – Published: 2020-08-21 12:10 – Updated: 2025-06-04 21:49
VLAI?
Summary
Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.
Severity ?
5.3 (Medium)
CWE
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Philips | DreamMapper |
Affected:
0 , < Version 2.24
(custom)
|
Credits
Lutz Weimann, Tim Hirschberg, Issam Hbib, and Florian Mommertz of SRC Security Research & Consulting GmbH reported this vulnerability to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project eCare – Digitization in care reported this to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.734Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "DreamMapper",
"vendor": "Philips",
"versions": [
{
"lessThan": "Version 2.24",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lutz Weimann, Tim Hirschberg, Issam Hbib, and Florian Mommertz of SRC Security Research \u0026 Consulting GmbH reported this vulnerability to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project eCare \u2013 Digitization in care reported this to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.\u003c/p\u003e"
}
],
"value": "Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:49:30.879Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"
},
{
"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips plans a new release for the DreamMapper app by June 30, 2021, that remediates this vulnerability.\u003c/p\u003e\u003cp\u003eUsers with questions regarding their specific Philips DreamMapper installations should contact a \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips service support team or regional service support\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eThe Philips advisory is available at the following URL: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ehttp://www.philips.com/productsecurity\u003c/a\u003e\u003c/p\u003ePlease see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the latest security information for Philips products."
}
],
"value": "Philips plans a new release for the DreamMapper app by June 30, 2021, that remediates this vulnerability.\n\nUsers with questions regarding their specific Philips DreamMapper installations should contact a Philips service support team or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions .\n\n\nThe Philips advisory is available at the following URL: http://www.philips.com/productsecurity \n\nPlease see the Philips product security website https://www.philips.com/productsecurity for the latest security information for Philips products."
}
],
"source": {
"advisory": "ICSMA-20-212-01",
"discovery": "EXTERNAL"
},
"title": "Philips DreamMapper Insertion of Sensitive Information into Log File",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips DreamMapper",
"version": {
"version_data": [
{
"version_value": "Version 2.24 and prior"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "INSERTION OF SENSITIVE INFORMATION INTO LOG FILE CWE-532"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14518",
"datePublished": "2020-08-21T12:10:50",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2025-06-04T21:49:30.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}