Search criteria
2 vulnerabilities found for Ultrasound ClearVue by Philips
CVE-2020-14477 (GCVE-0-2020-14477)
Vulnerability from cvelistv5 – Published: 2020-06-26 16:15 – Updated: 2025-06-04 21:56
VLAI?
Title
Philips Ultrasound Systems Authentication Bypass Using an Alternate Path or Channel
Summary
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Philips | Ultrasound ClearVue |
Affected:
0 , < versions 3.2
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Philips reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultrasound ClearVue",
"vendor": "Philips",
"versions": [
{
"lessThan": "versions 3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ultrasound CX",
"vendor": "Philips",
"versions": [
{
"lessThan": "versions 5.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ultrasound EPIQ/Affiniti",
"vendor": "Philips",
"versions": [
{
"lessThan": "versions VM5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ultrasound Sparq",
"vendor": "Philips",
"versions": [
{
"lessThan": "version 3.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ultrasound Xperius",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Philips reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.\u003c/p\u003e"
}
],
"value": "In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:56:59.294Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips released Ultrasound EPIQ/Affiniti Version VM6.0 in April 2020\n and recommends users with the Ultrasound EPIQ/Affiniti systems to \ncontact their local Philips service support team, or regional service \nsupport for installation information.\u003c/p\u003e\n\u003cp\u003ePhilips is currently planning the following new releases:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUltrasound ClearVue Version 3.3 release in Q4 2020\u003c/li\u003e\n\u003cli\u003eUltrasound CX Version 5.0.3 release in Q4 2020\u003c/li\u003e\n\u003cli\u003eUltrasound Sparq Version 3.0.3 release in Q4 2020\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAs an interim mitigation to this vulnerability, Philips recommends \ncustomers ensure service providers can guarantee installed device \nintegrity during all service and repair operations.\u003c/p\u003e\n\u003cp\u003eUsers with questions regarding their specific Ultrasound installation\n should contact the Philips service support team or regional service \nsupport.\u003c/p\u003e\u003cp\u003eUsers can contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips customer service\u003c/a\u003e, and find more details in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips advisory \u003c/a\u003e(external link). Please see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the latest security information for Philips products.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips released Ultrasound EPIQ/Affiniti Version VM6.0 in April 2020\n and recommends users with the Ultrasound EPIQ/Affiniti systems to \ncontact their local Philips service support team, or regional service \nsupport for installation information.\n\n\nPhilips is currently planning the following new releases:\n\n\n\n * Ultrasound ClearVue Version 3.3 release in Q4 2020\n\n * Ultrasound CX Version 5.0.3 release in Q4 2020\n\n * Ultrasound Sparq Version 3.0.3 release in Q4 2020\n\n\n\n\nAs an interim mitigation to this vulnerability, Philips recommends \ncustomers ensure service providers can guarantee installed device \nintegrity during all service and repair operations.\n\n\nUsers with questions regarding their specific Ultrasound installation\n should contact the Philips service support team or regional service \nsupport.\n\nUsers can contact Philips customer service https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , and find more details in the Philips advisory http://www.philips.com/productsecurity (external link). Please see the Philips product security website http://www.philips.com/productsecurity for the latest security information for Philips products."
}
],
"source": {
"advisory": "ICSMA-20-177-01",
"discovery": "INTERNAL"
},
"title": "Philips Ultrasound Systems Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Ultrasound ClearVue",
"version": {
"version_data": [
{
"version_value": "versions 3.2 and prior"
}
]
}
},
{
"product_name": "Ultrasound CX",
"version": {
"version_data": [
{
"version_value": "versions 5.0.2 and prior"
}
]
}
},
{
"product_name": "Ultrasound EPIQ/Affiniti",
"version": {
"version_data": [
{
"version_value": "versions VM5.0 and prior"
}
]
}
},
{
"product_name": "Ultrasound Sparq",
"version": {
"version_data": [
{
"version_value": "version 3.0.2 and prior"
}
]
}
},
{
"product_name": "Ultrasound Xperius",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14477",
"datePublished": "2020-06-26T16:15:14",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2025-06-04T21:56:59.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14477 (GCVE-0-2020-14477)
Vulnerability from nvd – Published: 2020-06-26 16:15 – Updated: 2025-06-04 21:56
VLAI?
Title
Philips Ultrasound Systems Authentication Bypass Using an Alternate Path or Channel
Summary
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Philips | Ultrasound ClearVue |
Affected:
0 , < versions 3.2
(custom)
|
||||||||||||||||||||||
|
||||||||||||||||||||||||
Credits
Philips reported this vulnerability to CISA.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:46:34.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Ultrasound ClearVue",
"vendor": "Philips",
"versions": [
{
"lessThan": "versions 3.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ultrasound CX",
"vendor": "Philips",
"versions": [
{
"lessThan": "versions 5.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ultrasound EPIQ/Affiniti",
"vendor": "Philips",
"versions": [
{
"lessThan": "versions VM5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ultrasound Sparq",
"vendor": "Philips",
"versions": [
{
"lessThan": "version 3.0.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Ultrasound Xperius",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Philips reported this vulnerability to CISA."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.\u003c/p\u003e"
}
],
"value": "In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T21:56:59.294Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips released Ultrasound EPIQ/Affiniti Version VM6.0 in April 2020\n and recommends users with the Ultrasound EPIQ/Affiniti systems to \ncontact their local Philips service support team, or regional service \nsupport for installation information.\u003c/p\u003e\n\u003cp\u003ePhilips is currently planning the following new releases:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUltrasound ClearVue Version 3.3 release in Q4 2020\u003c/li\u003e\n\u003cli\u003eUltrasound CX Version 5.0.3 release in Q4 2020\u003c/li\u003e\n\u003cli\u003eUltrasound Sparq Version 3.0.3 release in Q4 2020\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAs an interim mitigation to this vulnerability, Philips recommends \ncustomers ensure service providers can guarantee installed device \nintegrity during all service and repair operations.\u003c/p\u003e\n\u003cp\u003eUsers with questions regarding their specific Ultrasound installation\n should contact the Philips service support team or regional service \nsupport.\u003c/p\u003e\u003cp\u003eUsers can contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips customer service\u003c/a\u003e, and find more details in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips advisory \u003c/a\u003e(external link). Please see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the latest security information for Philips products.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Philips released Ultrasound EPIQ/Affiniti Version VM6.0 in April 2020\n and recommends users with the Ultrasound EPIQ/Affiniti systems to \ncontact their local Philips service support team, or regional service \nsupport for installation information.\n\n\nPhilips is currently planning the following new releases:\n\n\n\n * Ultrasound ClearVue Version 3.3 release in Q4 2020\n\n * Ultrasound CX Version 5.0.3 release in Q4 2020\n\n * Ultrasound Sparq Version 3.0.3 release in Q4 2020\n\n\n\n\nAs an interim mitigation to this vulnerability, Philips recommends \ncustomers ensure service providers can guarantee installed device \nintegrity during all service and repair operations.\n\n\nUsers with questions regarding their specific Ultrasound installation\n should contact the Philips service support team or regional service \nsupport.\n\nUsers can contact Philips customer service https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , and find more details in the Philips advisory http://www.philips.com/productsecurity (external link). Please see the Philips product security website http://www.philips.com/productsecurity for the latest security information for Philips products."
}
],
"source": {
"advisory": "ICSMA-20-177-01",
"discovery": "INTERNAL"
},
"title": "Philips Ultrasound Systems Authentication Bypass Using an Alternate Path or Channel",
"x_generator": {
"engine": "Vulnogram 0.2.0"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2020-14477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Philips Ultrasound ClearVue",
"version": {
"version_data": [
{
"version_value": "versions 3.2 and prior"
}
]
}
},
{
"product_name": "Ultrasound CX",
"version": {
"version_data": [
{
"version_value": "versions 5.0.2 and prior"
}
]
}
},
{
"product_name": "Ultrasound EPIQ/Affiniti",
"version": {
"version_data": [
{
"version_value": "versions VM5.0 and prior"
}
]
}
},
{
"product_name": "Ultrasound Sparq",
"version": {
"version_data": [
{
"version_value": "version 3.0.2 and prior"
}
]
}
},
{
"product_name": "Ultrasound Xperius",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01",
"refsource": "MISC",
"url": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2020-14477",
"datePublished": "2020-06-26T16:15:14",
"dateReserved": "2020-06-19T00:00:00",
"dateUpdated": "2025-06-04T21:56:59.294Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}