cvelistv5 - cve-2017-14111

CVE-2017-14111 (GCVE-0-2017-14111)

Vulnerability from cvelistv5 – Published: 2017-11-17 20:00 – Updated: 2024-08-05 19:20

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

ICSMA-17-318-01

Vulnerability from csaf_cisa - Published: 2017-11-14 00:00 - Updated: 2017-11-14 00:00

Summary

Philips IntelliSpace Cardiovascular System and Xcelera System Vulnerability

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Philips reported a vulnerability in the Philips ' IntelliSpace Cardiovascular and Xcelera cardiac image and information management systems. Philips has produced updates that mitigate this vulnerability in the affected products.

Recommended Practices

ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

ICS-CERT also provides a section for security recommended practices on the ICS-CERT web page athttp://ics-cert.us-cert.gov/content/recommended-practices. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).

Recommended Practices

Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Philips",
        "summary": "reporting a vulnerability in the Philips\u0027 IntelliSpace Cardiovascular and Xcelera cardiac image and information management systems. Philips has produced updates that mitigate this vulnerability in the affected products"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Philips reported a vulnerability in the Philips \u0027 IntelliSpace Cardiovascular and Xcelera cardiac image and information management systems. Philips has produced updates that mitigate this vulnerability in the affected products.",
        "title": "Risk evaluation"
      },
      {
        "category": "general",
        "text": "ICS-CERT recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "ICS-CERT also provides a section for security recommended practices on the ICS-CERT web page athttp://ics-cert.us-cert.gov/content/recommended-practices. ICS-CERT reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available in the ICS -CERT Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies, that is available for download from the ICS-CERT web site (http://ics-cert.us-cert.gov/).",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to ICS-CERT for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-318-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2017/icsma-17-318-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-17-318-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-17-318-01"
      }
    ],
    "title": "Philips IntelliSpace Cardiovascular System and Xcelera System Vulnerability",
    "tracking": {
      "current_release_date": "2017-11-14T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSMA-17-318-01",
      "initial_release_date": "2017-11-14T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2017-11-14T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-17-318-01 Philips IntelliSpace Cardiovascular System and Xcelera System Vulnerability"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= 2.3.0",
                "product": {
                  "name": "IntelliSpace Cardiovascular: Version 2.3.0 and prior",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "IntelliSpace Cardiovascular"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c= R4.1L1",
                "product": {
                  "name": "Xcelera: R4.1L1 and prior",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Xcelera"
          }
        ],
        "category": "vendor",
        "name": "Philips"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-14111",
      "cwe": {
        "id": "CWE-522",
        "name": "Insufficiently Protected Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "Credentials are stored in cleartext in system files that may allow an attacker with elevated privileges to gain unauthorized access to data to include patient health information, system resources, and misuse of connected assets. CVE-2017-14111 has been assigned to this vulnerability. A CVSS v3 base score of 7.2 has been assigned; the CVSS vector string is (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "cwe.mitre.org",
          "url": "http://cwe.mitre.org/data/definitions/522.html"
        },
        {
          "category": "external",
          "summary": "cve.mitre.org",
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-14111"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Philips is producing software hotfix updates for all IntelliSpace Cardiovascular and latest Xcelera versions, some of which are available upon request, while other versions are in the process of development and are expected to be completed by the end of 2017.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Philips has initiated a voluntary medical device correction aligned with IntelliSpace Cardiovascular proactive field change order (reference FCO83000202) to be issued as IntelliSpace Cardiovascular updates become available.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Users with questions regarding their specific IntelliSpace Cardiovascular or Xcelera installations are advised by Philips to contact their local Philips service support team or their regional service support. Philips \u0027 contact information is available at the following location:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "http://www.usa.philips.com/healthcare/solutions/customer-service-solutions",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "http://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
        },
        {
          "category": "vendor_fix",
          "details": "Please see the Philips product security web site for the latest security information for Philips products:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "https://www.philips.com/productsecurity",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://www.philips.com/productsecurity"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

GHSA-544P-G5P3-4C55

Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2022-05-13 01:43

Details

Severity ?

7.2 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-14111"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-522"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-11-17T20:29:00Z",
    "severity": "HIGH"
  },
  "details": "The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.",
  "id": "GHSA-544p-g5p3-4c55",
  "modified": "2022-05-13T01:43:19Z",
  "published": "2022-05-13T01:43:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14111"
    },
    {
      "type": "WEB",
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01"
    },
    {
      "type": "WEB",
      "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101850"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2017-14111

Vulnerability from fkie_nvd - Published: 2017-11-17 20:29 - Updated: 2025-04-20 01:37

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.securityfocus.com/bid/101850	Third Party Advisory, VDB Entry
cve@mitre.org	https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01	Issue Tracking, Third Party Advisory, US Government Resource
cve@mitre.org	https://www.usa.philips.com/healthcare/about/customer-support/product-security	Issue Tracking, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/101850	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01	Issue Tracking, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	https://www.usa.philips.com/healthcare/about/customer-support/product-security	Issue Tracking, Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	philips	intellispace_cardiovascular	*
	philips	xcelera	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:philips:intellispace_cardiovascular:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53695467-C883-4602-92F9-1D3BE724C447",
              "versionEndIncluding": "2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:philips:xcelera:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7B42FA-43AB-4599-BE34-997D251F5A22",
              "versionEndIncluding": "r4.1l1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n de inicio de sesi\u00f3n en la estaci\u00f3n de trabajo en Philips IntelliSpace Cardiovascular (ISCV) en sus versiones 2.3.0 y anteriores y en Xcelera en versiones R4.1L1 y anteriores registra credenciales de autenticaci\u00f3n de dominio. Si se obtiene acceso a estos datos, se permitir\u00eda que un atacante utilice credenciales para acceder a la aplicaci\u00f3n o que obtenga otros privilegios de usuarios."
    }
  ],
  "id": "CVE-2017-14111",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-11-17T20:29:00.323",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101850"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/101850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-14111

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-14111

Aliases

CVE-2017-14111

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-14111",
    "description": "The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.",
    "id": "GSD-2017-14111"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-14111"
      ],
      "details": "The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.",
      "id": "GSD-2017-14111",
      "modified": "2023-12-13T01:21:12.400245Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-14111",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
            "refsource": "CONFIRM",
            "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
          },
          {
            "name": "101850",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101850"
          },
          {
            "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01",
            "refsource": "MISC",
            "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:philips:intellispace_cardiovascular:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:philips:xcelera:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r4.1l1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14111"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-522"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "US Government Resource",
                "Third Party Advisory"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01"
            },
            {
              "name": "101850",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101850"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-11-17T20:29Z"
    }
  }
}

VAR-201711-0046

Vulnerability from variot - Updated: 2023-12-18 13:52

The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements. Philips IntelliSpace Cardiovascular (ISCV) and Xcelera Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Philips IntelliSpace Cardiovascular and Xcelera systems (the predecessor to IntelliSpace Cardiovascular) are comprehensive cardiac imaging and information management software. A plaintext storage vulnerability exists in the Philips IntelliSpace Cardiovascular System and Xcelera System. Credentials are stored in clear file in system files, resulting in highly privileged attackers gaining unauthorized access to data, including patient health information, system resources, and misuse connections. assets. this may lead to further attacks. Xcelera is its predecessor. The vulnerability is caused by the program storing certificates in clear text in system files

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201711-0046",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "intellispace cardiovascular",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "philips",
        "version": "2.3.0"
      },
      {
        "model": "xcelera",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "philips",
        "version": "r4.1l1"
      },
      {
        "model": "intellispace cardiovascular",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "philips",
        "version": "\u003c=2.3.0"
      },
      {
        "model": "xcelera \u003c=r4.1l1",
        "scope": null,
        "trust": 0.6,
        "vendor": "philips",
        "version": null
      },
      {
        "model": "xcelera",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "philips",
        "version": "r4.1l1"
      },
      {
        "model": "intellispace cardiovascular",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "philips",
        "version": "2.3.0"
      },
      {
        "model": "xcelera r4.1l1",
        "scope": null,
        "trust": 0.3,
        "vendor": "philips",
        "version": null
      },
      {
        "model": "intellispace cardiovascular",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "philips",
        "version": "2.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "intellispace cardiovascular",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "xcelera",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-34035"
      },
      {
        "db": "BID",
        "id": "101850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010491"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14111"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-015"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:philips:intellispace_cardiovascular:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:philips:xcelera:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "r4.1l1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14111"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "101850"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2017-14111",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2017-14111",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-34035",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-104801",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2017-14111",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-14111",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-34035",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201709-015",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-104801",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-34035"
      },
      {
        "db": "VULHUB",
        "id": "VHN-104801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010491"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14111"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-015"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements. Philips IntelliSpace Cardiovascular (ISCV) and Xcelera Contains vulnerabilities related to certificate and password management.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Philips IntelliSpace Cardiovascular and Xcelera systems (the predecessor to IntelliSpace Cardiovascular) are comprehensive cardiac imaging and information management software. A plaintext storage vulnerability exists in the Philips IntelliSpace Cardiovascular System and Xcelera System. Credentials are stored in clear file in system files, resulting in highly privileged attackers gaining unauthorized access to data, including patient health information, system resources, and misuse connections. assets. this may  lead to further attacks. Xcelera is its predecessor. The vulnerability is caused by the program storing certificates in clear text in system files",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-14111"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010491"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-34035"
      },
      {
        "db": "BID",
        "id": "101850"
      },
      {
        "db": "IVD",
        "id": "01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea"
      },
      {
        "db": "VULHUB",
        "id": "VHN-104801"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-14111",
        "trust": 3.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSMA-17-318-01",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "101850",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-015",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-34035",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010491",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "01F9D4B4-BDCF-49BF-83AA-05B63DA7E5EA",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-104801",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-34035"
      },
      {
        "db": "VULHUB",
        "id": "VHN-104801"
      },
      {
        "db": "BID",
        "id": "101850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010491"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14111"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-015"
      }
    ]
  },
  "id": "VAR-201711-0046",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-34035"
      },
      {
        "db": "VULHUB",
        "id": "VHN-104801"
      }
    ],
    "trust": 1.33995098
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-34035"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:52:52.369000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "CUSTOMER INFORMATION on IntelliSpace Cardiovascular and Xcelera Vulnerabilities",
        "trust": 0.8,
        "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
      },
      {
        "title": "Philips IntelliSpace Cardiovascular  and Xcelera Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76098"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010491"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-015"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-255",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-104801"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010491"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14111"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "https://ics-cert.us-cert.gov/advisories/icsma-17-318-01"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/101850"
      },
      {
        "trust": 1.7,
        "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14111"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14111"
      },
      {
        "trust": 0.3,
        "url": "http://www.isssource.com/philips-clears-hole-in-medical-systems/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-34035"
      },
      {
        "db": "VULHUB",
        "id": "VHN-104801"
      },
      {
        "db": "BID",
        "id": "101850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010491"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14111"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-015"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-34035"
      },
      {
        "db": "VULHUB",
        "id": "VHN-104801"
      },
      {
        "db": "BID",
        "id": "101850"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010491"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-14111"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-015"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-16T00:00:00",
        "db": "IVD",
        "id": "01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea"
      },
      {
        "date": "2017-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-34035"
      },
      {
        "date": "2017-11-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-104801"
      },
      {
        "date": "2017-11-14T00:00:00",
        "db": "BID",
        "id": "101850"
      },
      {
        "date": "2017-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010491"
      },
      {
        "date": "2017-11-17T20:29:00.323000",
        "db": "NVD",
        "id": "CVE-2017-14111"
      },
      {
        "date": "2017-11-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-015"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-34035"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-104801"
      },
      {
        "date": "2017-12-19T22:37:00",
        "db": "BID",
        "id": "101850"
      },
      {
        "date": "2017-12-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-010491"
      },
      {
        "date": "2019-10-03T00:03:26.223000",
        "db": "NVD",
        "id": "CVE-2017-14111"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201709-015"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-015"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Philips IntelliSpace Cardiovascular and  Xcelera Vulnerabilities related to certificate and password management",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-010491"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201709-015"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2017-34035

Vulnerability from cnvd - Published: 2017-11-16

Title

Philips IntelliSpace Cardiovascular System and Xcelera System明文存储漏洞

Description

Philips IntelliSpace Cardiovascular和Xcelera系统（IntelliSpace Cardiovascular的前身）是全面的心脏影像和信息管理软件。 Philips IntelliSpace Cardiovascular System and Xcelera System存在明文存储漏洞，凭据以明文形式存储在系统文件中，导致具有较高特权的攻击者获得对数据的未经授权访问，包括患者健康信息，系统资源和误用连接资产。

Severity

高

Formal description

厂商尚未提供漏洞修补方案，请关注厂商主页及时更新： https://www.philips.com/productsecurity

Reference

https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01

Impacted products

Name
['Philips IntelliSpace Cardiovascular <=2.3.0', 'Philips Xcelera <=R4.1L1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-14111"
    }
  },
  "description": "Philips IntelliSpace Cardiovascular\u548cXcelera\u7cfb\u7edf\uff08IntelliSpace Cardiovascular\u7684\u524d\u8eab\uff09\u662f\u5168\u9762\u7684\u5fc3\u810f\u5f71\u50cf\u548c\u4fe1\u606f\u7ba1\u7406\u8f6f\u4ef6\u3002\r\n\r\nPhilips IntelliSpace Cardiovascular System and Xcelera System\u5b58\u5728\u660e\u6587\u5b58\u50a8\u6f0f\u6d1e\uff0c\u51ed\u636e\u4ee5\u660e\u6587\u5f62\u5f0f\u5b58\u50a8\u5728\u7cfb\u7edf\u6587\u4ef6\u4e2d\uff0c\u5bfc\u81f4\u5177\u6709\u8f83\u9ad8\u7279\u6743\u7684\u653b\u51fb\u8005\u83b7\u5f97\u5bf9\u6570\u636e\u7684\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\uff0c\u5305\u62ec\u60a3\u8005\u5065\u5eb7\u4fe1\u606f\uff0c\u7cfb\u7edf\u8d44\u6e90\u548c\u8bef\u7528\u8fde\u63a5\u8d44\u4ea7\u3002",
  "discovererName": "unknow",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u8865\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u53ca\u65f6\u66f4\u65b0\uff1a\r\nhttps://www.philips.com/productsecurity",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34035",
  "openTime": "2017-11-16",
  "products": {
    "product": [
      "Philips IntelliSpace Cardiovascular \u003c=2.3.0",
      "Philips Xcelera \u003c=R4.1L1"
    ]
  },
  "referenceLink": "https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01",
  "serverity": "\u9ad8",
  "submitTime": "2017-11-16",
  "title": "Philips IntelliSpace Cardiovascular System and Xcelera System\u660e\u6587\u5b58\u50a8\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-14111 (GCVE-0-2017-14111)

ICSMA-17-318-01

GHSA-544P-G5P3-4C55

FKIE_CVE-2017-14111

GSD-2017-14111

VAR-201711-0046

CNVD-2017-34035

Tags

Sightings

Nomenclature