8 vulnerabilities found for dosewise by philips
VAR-201804-0778
Vulnerability from variot - Updated: 2023-12-18 12:02
The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N (this is the score quoted in the description; the NVD CVSS v3 entry in the record below rates the same issue 8.8, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, so confirm which source a severity ranking is based on). The web-based application of Philips DoseWise Portal contains a vulnerability related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Philips' DoseWise Portal is a web-based reporting and radiation exposure tracking tool. A plaintext storage vulnerability exists in Philips' DoseWise Portal. Attackers can exploit this issue to obtain sensitive information or bypass the authentication mechanism and gain unauthorized access to the device. DoseWise Portal 1.1.7.333 and 2.1.1.3069 are vulnerable. The platform is used to record, track and analyze radiation exposure to patients and physicians. A remote attacker could exploit this vulnerability to gain access to the DWP application database.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0778",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dosewise",
"scope": "eq",
"trust": 2.4,
"vendor": "philips",
"version": "1.1.7.333"
},
{
"model": "dosewise",
"scope": "eq",
"trust": 2.4,
"vendor": "philips",
"version": "2.1.1.3069"
},
{
"model": "dosewise portal",
"scope": "gte",
"trust": 0.6,
"vendor": "philips",
"version": "1.1.7.333,\u003c=2.1.1.3069"
},
{
"model": "dosewise portal",
"scope": "eq",
"trust": 0.3,
"vendor": "philips",
"version": "2.1.1.3069"
},
{
"model": "dosewise portal",
"scope": "eq",
"trust": 0.3,
"vendor": "philips",
"version": "1.1.7.333"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dosewise",
"version": "1.1.7.333"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dosewise",
"version": "2.1.1.3069"
}
],
"sources": [
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:dosewise:1.1.7.333:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:dosewise:2.1.1.3069:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9654"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "100471"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9654",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9654",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22812",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "b5d3f202-7804-4a30-a776-5059328187da",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-117857",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9654",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9654",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-22812",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-583",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-117857",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-9654",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "VULHUB",
"id": "VHN-117857"
},
{
"db": "VULMON",
"id": "CVE-2017-9654"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. Philips DoseWise Portal of Web The base application contains a vulnerability related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips\u0027 DoseWise Portal is a web-based reporting and radiation exposure tracking tool. A plaintext storage vulnerability exists in Philips\u0027 DoseWise Portal. \nAttackers can exploit this issue to obtain sensitive information or bypass the authentication mechanism and gain unauthorized access to the device. \nDoseWise Portal 1.1.7.333 and 2.1.1.3069 are vulnerable. The platform is used to record, track and analyze radiation exposure to patients and physicians. A remote attacker could exploit this vulnerability to gain access to the DWP application database",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "VULHUB",
"id": "VHN-117857"
},
{
"db": "VULMON",
"id": "CVE-2017-9654"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9654",
"trust": 3.7
},
{
"db": "ICS CERT",
"id": "ICSMA-17-229-01",
"trust": 3.5
},
{
"db": "BID",
"id": "100471",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22812",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353",
"trust": 0.8
},
{
"db": "IVD",
"id": "B5D3F202-7804-4A30-A776-5059328187DA",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-117857",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-9654",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "VULHUB",
"id": "VHN-117857"
},
{
"db": "VULMON",
"id": "CVE-2017-9654"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"id": "VAR-201804-0778",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "VULHUB",
"id": "VHN-117857"
}
],
"trust": 1.7333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
}
]
},
"last_update_date": "2023-12-18T12:02:23.405000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Philips DoseWise Portal Vulnerabilities (17-AUG-2017)",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"title": "Patch for Philips\u0027 DoseWise Portal Clear Text Storage Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100830"
},
{
"title": "Philips DoseWise Portal Repair measures for trust management vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99849"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117857"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "NVD",
"id": "CVE-2017-9654"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-229-01"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/100471"
},
{
"trust": 1.8,
"url": "http://www.philips.com/productsecurity"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9654"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9654"
},
{
"trust": 0.3,
"url": "http://www.usa.philips.com/"
},
{
"trust": 0.3,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/522.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "VULHUB",
"id": "VHN-117857"
},
{
"db": "VULMON",
"id": "CVE-2017-9654"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"db": "VULHUB",
"id": "VHN-117857"
},
{
"db": "VULMON",
"id": "CVE-2017-9654"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "b5d3f202-7804-4a30-a776-5059328187da"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"date": "2018-04-24T00:00:00",
"db": "VULHUB",
"id": "VHN-117857"
},
{
"date": "2018-04-24T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9654"
},
{
"date": "2017-08-17T00:00:00",
"db": "BID",
"id": "100471"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"date": "2018-04-24T15:29:00.777000",
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22812"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-117857"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULMON",
"id": "CVE-2017-9654"
},
{
"date": "2017-08-17T00:00:00",
"db": "BID",
"id": "100471"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013353"
},
{
"date": "2019-10-09T23:30:46.753000",
"db": "NVD",
"id": "CVE-2017-9654"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips DoseWise Portal of Web Vulnerability related to certificate / password management in base application",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013353"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-583"
}
],
"trust": 0.6
}
}
VAR-201804-0779
Vulnerability from variot - Updated: 2023-12-18 12:02
The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. To exploit this vulnerability, an attacker first needs elevated privileges to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains protected health information (PHI). CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. The Philips DoseWise Portal application contains a vulnerability related to the use of hard-coded credentials. Information may be obtained or altered, and service operation may be disrupted (DoS). Philips' DoseWise Portal is a web-based reporting and radiation exposure tracking tool. There is a hard-coded credentials vulnerability in Philips' DoseWise Portal. Attackers can exploit this issue to obtain sensitive information or bypass the authentication mechanism and gain unauthorized access to the device. DoseWise Portal 1.1.7.333 and 2.1.1.3069 are vulnerable. The platform is used to record, track and analyze radiation exposure to patients and physicians.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201804-0779",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dosewise",
"scope": "eq",
"trust": 2.4,
"vendor": "philips",
"version": "1.1.7.333"
},
{
"model": "dosewise",
"scope": "eq",
"trust": 2.4,
"vendor": "philips",
"version": "2.1.1.3069"
},
{
"model": "dosewise portal",
"scope": "gte",
"trust": 0.6,
"vendor": "philips",
"version": "1.1.7.333,\u003c=2.1.1.3069"
},
{
"model": "dosewise portal",
"scope": "eq",
"trust": 0.3,
"vendor": "philips",
"version": "2.1.1.3069"
},
{
"model": "dosewise portal",
"scope": "eq",
"trust": 0.3,
"vendor": "philips",
"version": "1.1.7.333"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dosewise",
"version": "1.1.7.333"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "dosewise",
"version": "2.1.1.3069"
}
],
"sources": [
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:dosewise:2.1.1.3069:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:dosewise:1.1.7.333:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9656"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "100471"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9656",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-9656",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-22813",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-117859",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-9656",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-9656",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-22813",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-581",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-117859",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "VULHUB",
"id": "VHN-117859"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H. Philips DoseWise Portal The application contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Philips\u0027 DoseWise Portal is a web-based reporting and radiation exposure tracking tool. There is a hard-coded vulnerability in Philips\u0027 DoseWise Portal. \nAttackers can exploit this issue to obtain sensitive information or bypass the authentication mechanism and gain unauthorized access to the device. \nDoseWise Portal 1.1.7.333 and 2.1.1.3069 are vulnerable. The platform is used to record, track and analyze radiation exposure to patients and physicians",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "VULHUB",
"id": "VHN-117859"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9656",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSMA-17-229-01",
"trust": 3.4
},
{
"db": "BID",
"id": "100471",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-22813",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354",
"trust": 0.8
},
{
"db": "IVD",
"id": "2EBF3D19-4F4D-4628-AA8B-BDCE15496770",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-117859",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "VULHUB",
"id": "VHN-117859"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"id": "VAR-201804-0779",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "VULHUB",
"id": "VHN-117859"
}
],
"trust": 1.7333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
}
]
},
"last_update_date": "2023-12-18T12:02:23.368000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Philips DoseWise Portal Vulnerabilities (17-AUG-2017)",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"title": "Patch for the Philips\u0027 DoseWise Portal hardcoded vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100831"
},
{
"title": "Philips DoseWise Portal Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99848"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-117859"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "NVD",
"id": "CVE-2017-9656"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-17-229-01"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/100471"
},
{
"trust": 1.7,
"url": "http://www.philips.com/productsecurity"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9656"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9656"
},
{
"trust": 0.3,
"url": "http://www.usa.philips.com/"
},
{
"trust": 0.3,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "VULHUB",
"id": "VHN-117859"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"db": "VULHUB",
"id": "VHN-117859"
},
{
"db": "BID",
"id": "100471"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "IVD",
"id": "2ebf3d19-4f4d-4628-aa8b-bdce15496770"
},
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"date": "2018-04-24T00:00:00",
"db": "VULHUB",
"id": "VHN-117859"
},
{
"date": "2017-08-17T00:00:00",
"db": "BID",
"id": "100471"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"date": "2018-04-24T15:29:00.867000",
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-22813"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-117859"
},
{
"date": "2017-08-17T00:00:00",
"db": "BID",
"id": "100471"
},
{
"date": "2018-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013354"
},
{
"date": "2019-10-09T23:30:46.940000",
"db": "NVD",
"id": "CVE-2017-9656"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips DoseWise Portal Vulnerabilities related to the use of hard-coded credentials in applications",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013354"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-581"
}
],
"trust": 0.6
}
}
FKIE_CVE-2017-9656
Vulnerability from fkie_nvd - Published: 2018-04-24 15:29 - Updated: 2024-11-21 03:36

| Source | URL | Tags |
|---|---|---|
| ics-cert@hq.dhs.gov | http://www.philips.com/productsecurity | Vendor Advisory |
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/100471 | Third Party Advisory, VDB Entry |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01 | Third Party Advisory, US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.philips.com/productsecurity | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100471 | Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01 | Third Party Advisory, US Government Resource |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:dosewise:1.1.7.333:*:*:*:*:*:*:*",
"matchCriteriaId": "80593A69-82A9-47D2-A64A-248018A0C59D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philips:dosewise:2.1.1.3069:*:*:*:*:*:*:*",
"matchCriteriaId": "AE12F34E-51D6-4045-888A-5D702FE85B1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H."
},
{
"lang": "es",
"value": "La base de datos del backend de la aplicaci\u00f3n Philips DoseWise Portal, en sus versiones 1.1.7.333 y 2.1.1.3069, emplea credenciales embebidas para una cuenta de la base de datos con privilegios que puede afectar a la confidencialidad, integridad y disponibilidad de la base de datos. Para que un atacante explote esta vulnerabilidad, primero necesita privilegios elevados para poder acceder a los archivos del sistema del backend de la aplicaci\u00f3n web que contienen las credenciales embebidas. Si se explota esta vulnerabilidad con \u00e9xito, un atacante remoto podr\u00eda obtener acceso a la base de datos de la aplicaci\u00f3n DWP, que contiene PHI. Puntuaci\u00f3n base de CVSS v3: 9.1, cadena de vector CVSS: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H."
}
],
"id": "CVE-2017-9656",
"lastModified": "2024-11-21T03:36:35.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-24T15:29:00.867",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.philips.com/productsecurity"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.philips.com/productsecurity"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-798"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-9654
Vulnerability from fkie_nvd - Published: 2018-04-24 15:29 - Updated: 2024-11-21 03:36

| Source | URL | Tags |
|---|---|---|
| ics-cert@hq.dhs.gov | http://www.philips.com/productsecurity | Vendor Advisory |
| ics-cert@hq.dhs.gov | http://www.securityfocus.com/bid/100471 | Third Party Advisory, VDB Entry |
| ics-cert@hq.dhs.gov | https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01 | Third Party Advisory, US Government Resource |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.philips.com/productsecurity | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100471 | Third Party Advisory, VDB Entry |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01 | Third Party Advisory, US Government Resource |

Note: the description text in this record quotes a CVSS v3 base score of 6.5 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N), whereas the record's NVD primary cvssMetricV30 entry scores it 8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H); the two vectors differ in the integrity and availability impacts.
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:dosewise:1.1.7.333:*:*:*:*:*:*:*",
"matchCriteriaId": "80593A69-82A9-47D2-A64A-248018A0C59D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:philips:dosewise:2.1.1.3069:*:*:*:*:*:*:*",
"matchCriteriaId": "AE12F34E-51D6-4045-888A-5D702FE85B1F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n basada en web Philips DoseWise Portal, en sus versiones 1.1.7.333 y 2.1.1.3069, almacena las credenciales de inicio de sesi\u00f3n en texto claro en los archivos de sistema del backend. Puntuaci\u00f3n base de CVSS v3: 6.5, cadena de vector CVSS: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N."
}
],
"id": "CVE-2017-9654",
"lastModified": "2024-11-21T03:36:35.477",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-24T15:29:00.777",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://www.philips.com/productsecurity"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.philips.com/productsecurity"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-312"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-522"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2017-9654 (GCVE-0-2017-9654)
Vulnerability from cvelistv5 – Published: 2018-04-24 15:00 – Updated: 2024-09-17 03:43

- CWE-312 - Cleartext storage of sensitive information CWE-312

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Philips | DoseWise Portal | Affected: 1.1.7.333; Affected: 2.1.1.3069 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:00.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.philips.com/productsecurity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DoseWise Portal",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "1.1.7.333"
},
{
"status": "affected",
"version": "2.1.1.3069"
}
]
}
],
"datePublic": "2017-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext storage of sensitive information CWE-312",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.philips.com/productsecurity"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-17T00:00:00",
"ID": "CVE-2017-9654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DoseWise Portal",
"version": {
"version_data": [
{
"version_value": "1.1.7.333"
},
{
"version_value": "2.1.1.3069"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext storage of sensitive information CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100471"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"name": "http://www.philips.com/productsecurity",
"refsource": "CONFIRM",
"url": "http://www.philips.com/productsecurity"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9654",
"datePublished": "2018-04-24T15:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T03:43:28.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9656 (GCVE-0-2017-9656)
Vulnerability from cvelistv5 – Published: 2018-04-24 15:00 – Updated: 2024-09-17 00:06

- CWE-798 - Use of hard-coded credentials CWE-798

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Philips | DoseWise Portal | Affected: 1.1.7.333; Affected: 2.1.1.3069 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.philips.com/productsecurity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DoseWise Portal",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "1.1.7.333"
},
{
"status": "affected",
"version": "2.1.1.3069"
}
]
}
],
"datePublic": "2017-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Use of hard-coded credentials CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.philips.com/productsecurity"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-17T00:00:00",
"ID": "CVE-2017-9656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DoseWise Portal",
"version": {
"version_data": [
{
"version_value": "1.1.7.333"
},
{
"version_value": "2.1.1.3069"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of hard-coded credentials CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100471"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"name": "http://www.philips.com/productsecurity",
"refsource": "CONFIRM",
"url": "http://www.philips.com/productsecurity"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9656",
"datePublished": "2018-04-24T15:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T00:06:52.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9654 (GCVE-0-2017-9654)
Vulnerability from nvd – Published: 2018-04-24 15:00 – Updated: 2024-09-17 03:43

- CWE-312 - Cleartext storage of sensitive information CWE-312

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Philips | DoseWise Portal | Affected: 1.1.7.333; Affected: 2.1.1.3069 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:00.345Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.philips.com/productsecurity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DoseWise Portal",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "1.1.7.333"
},
{
"status": "affected",
"version": "2.1.1.3069"
}
]
}
],
"datePublic": "2017-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "Cleartext storage of sensitive information CWE-312",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.philips.com/productsecurity"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-17T00:00:00",
"ID": "CVE-2017-9654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DoseWise Portal",
"version": {
"version_data": [
{
"version_value": "1.1.7.333"
},
{
"version_value": "2.1.1.3069"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext storage of sensitive information CWE-312"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100471"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"name": "http://www.philips.com/productsecurity",
"refsource": "CONFIRM",
"url": "http://www.philips.com/productsecurity"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9654",
"datePublished": "2018-04-24T15:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T03:43:28.188Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9656 (GCVE-0-2017-9656)
Vulnerability from nvd – Published: 2018-04-24 15:00 – Updated: 2024-09-17 00:06

- CWE-798 - Use of hard-coded credentials CWE-798

| URL | Tags |
|---|---|

| Vendor | Product | Version |
|---|---|---|
| Philips | DoseWise Portal | Affected: 1.1.7.333; Affected: 2.1.1.3069 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:01.463Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.philips.com/productsecurity"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "DoseWise Portal",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "1.1.7.333"
},
{
"status": "affected",
"version": "2.1.1.3069"
}
]
}
],
"datePublic": "2017-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Use of hard-coded credentials CWE-798",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-25T09:57:01",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100471",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100471"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.philips.com/productsecurity"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2017-08-17T00:00:00",
"ID": "CVE-2017-9656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DoseWise Portal",
"version": {
"version_data": [
{
"version_value": "1.1.7.333"
},
{
"version_value": "2.1.1.3069"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of hard-coded credentials CWE-798"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100471"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01"
},
{
"name": "http://www.philips.com/productsecurity",
"refsource": "CONFIRM",
"url": "http://www.philips.com/productsecurity"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9656",
"datePublished": "2018-04-24T15:00:00Z",
"dateReserved": "2017-06-14T00:00:00",
"dateUpdated": "2024-09-17T00:06:52.060Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}