cnvd - cnvd-2017-34035

CNVD-2017-34035

Vulnerability from cnvd - Published: 2017-11-16

Title

Philips IntelliSpace Cardiovascular System and Xcelera System明文存储漏洞

Description

Philips IntelliSpace Cardiovascular和Xcelera系统（IntelliSpace Cardiovascular的前身）是全面的心脏影像和信息管理软件。 Philips IntelliSpace Cardiovascular System and Xcelera System存在明文存储漏洞，凭据以明文形式存储在系统文件中，导致具有较高特权的攻击者获得对数据的未经授权访问，包括患者健康信息，系统资源和误用连接资产。

Severity

高

Formal description

厂商尚未提供漏洞修补方案，请关注厂商主页及时更新： https://www.philips.com/productsecurity

Reference

https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01

Impacted products

Name
['Philips IntelliSpace Cardiovascular <=2.3.0', 'Philips Xcelera <=R4.1L1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-14111"
    }
  },
  "description": "Philips IntelliSpace Cardiovascular\u548cXcelera\u7cfb\u7edf\uff08IntelliSpace Cardiovascular\u7684\u524d\u8eab\uff09\u662f\u5168\u9762\u7684\u5fc3\u810f\u5f71\u50cf\u548c\u4fe1\u606f\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nPhilips IntelliSpace Cardiovascular System and Xcelera System\u5b58\u5728\u660e\u6587\u5b58\u50a8\u6f0f\u6d1e\uff0c\u51ed\u636e\u4ee5\u660e\u6587\u5f62\u5f0f\u5b58\u50a8\u5728\u7cfb\u7edf\u6587\u4ef6\u4e2d\uff0c\u5bfc\u81f4\u5177\u6709\u8f83\u9ad8\u7279\u6743\u7684\u653b\u51fb\u8005\u83b7\u5f97\u5bf9\u6570\u636e\u7684\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\uff0c\u5305\u62ec\u60a3\u8005\u5065\u5eb7\u4fe1\u606f\uff0c\u7cfb\u7edf\u8d44\u6e90\u548c\u8bef\u7528\u8fde\u63a5\u8d44\u4ea7\u3002",
  "discovererName": "unknow",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://www.philips.com/productsecurity",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34035",
  "openTime": "2017-11-16",
  "products": {
    "product": [
      "Philips IntelliSpace Cardiovascular \u003c=2.3.0",
      "Philips Xcelera \u003c=R4.1L1"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-16",
  "title": "Philips IntelliSpace Cardiovascular System and Xcelera System\u660e\u6587\u5b58\u50a8\u6f0f\u6d1e"
}

CVE-2017-14111 (GCVE-0-2017-14111)

Vulnerability from cvelistv5 – Published: 2017-11-17 20:00 – Updated: 2024-08-05 19:20

Summary

The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.usa.philips.com/healthcare/about/cust…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/101850	vdb-entryx_refsource_BID
	https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:20:41.262Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
          },
          {
            "name": "101850",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101850"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-11-13T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-11-17T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
        },
        {
          "name": "101850",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101850"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14111",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
              "refsource": "CONFIRM",
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "101850",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101850"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-14111",
    "datePublished": "2017-11-17T20:00:00",
    "dateReserved": "2017-09-01T00:00:00",
    "dateUpdated": "2024-08-05T19:20:41.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-34035

CVE-2017-14111 (GCVE-0-2017-14111)

Tags

Sightings

Nomenclature