CVE-2020-14477 (GCVE-0-2020-14477)

Vulnerability from cvelistv5 – Published: 2020-06-26 16:15 – Updated: 2025-06-04 21:56
VLAI?
Summary
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
Severity ?
3.6 (Low)
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
Philips Ultrasound ClearVue Affected: 0 , < versions 3.2 (custom)
Create a notification for this product.
Credits
Philips reported this vulnerability to CISA.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:46:34.685Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Ultrasound ClearVue",
          "vendor": "Philips",
          "versions": [
            {
              "lessThan": "versions 3.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ultrasound CX",
          "vendor": "Philips",
          "versions": [
            {
              "lessThan": "versions 5.0.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ultrasound EPIQ/Affiniti",
          "vendor": "Philips",
          "versions": [
            {
              "lessThan": "versions VM5.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ultrasound Sparq",
          "vendor": "Philips",
          "versions": [
            {
              "lessThan": "version 3.0.2",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Ultrasound Xperius",
          "vendor": "Philips",
          "versions": [
            {
              "status": "affected",
              "version": "all versions"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Philips reported this vulnerability to CISA."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.\u003c/p\u003e"
            }
          ],
          "value": "In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-04T21:56:59.294Z",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003ePhilips released Ultrasound EPIQ/Affiniti Version VM6.0 in April 2020\n and recommends users with the Ultrasound EPIQ/Affiniti systems to \ncontact their local Philips service support team, or regional service \nsupport for installation information.\u003c/p\u003e\n\u003cp\u003ePhilips is currently planning the following new releases:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eUltrasound ClearVue Version 3.3 release in Q4 2020\u003c/li\u003e\n\u003cli\u003eUltrasound CX Version 5.0.3 release in Q4 2020\u003c/li\u003e\n\u003cli\u003eUltrasound Sparq Version 3.0.3 release in Q4 2020\u003c/li\u003e\n\u003c/ul\u003e\n\u003cp\u003eAs an interim mitigation to this vulnerability, Philips recommends \ncustomers ensure service providers can guarantee installed device \nintegrity during all service and repair operations.\u003c/p\u003e\n\u003cp\u003eUsers with questions regarding their specific Ultrasound installation\n should contact the Philips service support team or regional service \nsupport.\u003c/p\u003e\u003cp\u003eUsers can contact \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\"\u003ePhilips customer service\u003c/a\u003e, and find more details in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips advisory \u003c/a\u003e(external link). Please see the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\"\u003ePhilips product security website\u003c/a\u003e for the latest security information for Philips products.\n\n\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "Philips released Ultrasound EPIQ/Affiniti Version VM6.0 in April 2020\n and recommends users with the Ultrasound EPIQ/Affiniti systems to \ncontact their local Philips service support team, or regional service \nsupport for installation information.\n\n\nPhilips is currently planning the following new releases:\n\n\n\n  *  Ultrasound ClearVue Version 3.3 release in Q4 2020\n\n  *  Ultrasound CX Version 5.0.3 release in Q4 2020\n\n  *  Ultrasound Sparq Version 3.0.3 release in Q4 2020\n\n\n\n\nAs an interim mitigation to this vulnerability, Philips recommends \ncustomers ensure service providers can guarantee installed device \nintegrity during all service and repair operations.\n\n\nUsers with questions regarding their specific Ultrasound installation\n should contact the Philips service support team or regional service \nsupport.\n\nUsers can contact  Philips customer service https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , and find more details in the  Philips advisory  http://www.philips.com/productsecurity (external link). Please see the  Philips product security website http://www.philips.com/productsecurity  for the latest security information for Philips products."
        }
      ],
      "source": {
        "advisory": "ICSMA-20-177-01",
        "discovery": "INTERNAL"
      },
      "title": "Philips Ultrasound Systems Authentication Bypass Using an Alternate Path or Channel",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2020-14477",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Philips Ultrasound ClearVue",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "versions 3.2 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Ultrasound CX",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "versions 5.0.2 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Ultrasound EPIQ/Affiniti",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "versions VM5.0 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Ultrasound Sparq",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "version 3.0.2 and prior"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Ultrasound Xperius",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "AUTHENTICATION BYPASS USING AN ALTERNATE PATH OR CHANNEL CWE-288"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsma-20-177-01"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2020-14477",
    "datePublished": "2020-06-26T16:15:14",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2025-06-04T21:56:59.294Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:clearvue_850_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.2\", \"matchCriteriaId\": \"41EF47AE-DEA9-4084-BC3C-75A2972B5EBC\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:clearvue_850:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"85C19542-2EF6-490F-8DC9-9AF23DB758B9\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:clearvue_350_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.2\", \"matchCriteriaId\": \"2C941F34-8A4B-4F52-B341-374F3BF291D7\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:clearvue_350:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C1BB7CF7-FD91-45AF-8C30-32A2DC7BE7D6\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:cx50_firmware:5.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F897C7E9-8939-44B7-BDDE-EBDBC7B4AB43\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:cx50:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E46E77E-C7EB-44A2-823D-FE0E834818AE\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:affiniti_70_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.0\", \"matchCriteriaId\": \"C2C0626D-174F-4228-8F89-EDE240D4E65B\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:affiniti_70:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB4F2CA8-2D99-445B-B93D-5CD7A727DA9F\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:affiniti_50_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.0\", \"matchCriteriaId\": \"22C5C609-110C-46AC-87C2-09599CB1EBFB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:affiniti_50:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCE8A514-5657-49C4-9C5C-60CA8AE56878\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:epiq_7_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"5.0\", \"matchCriteriaId\": \"1AA21E9F-20B4-457F-84EC-67A591A9EC35\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:epiq_7:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2B0401B-104E-460E-91F6-8F64C0D76C6D\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:sparq_firmware:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.0.2\", \"matchCriteriaId\": \"37B54A80-39EA-4EA8-B3EA-467DC8D59E89\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:sparq:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5D2F8EF5-A57C-4570-A834-EF5A3C1DFA52\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:philips:xperius_firmware:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EC3A16F-8D46-43AB-87EF-6CCD8E344515\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:philips:xperius:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96903833-9A10-4A1A-9AB4-D0B9A3E32035\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.\"}, {\"lang\": \"es\", \"value\": \"En Philips Ultrasound ClearVue Versiones 3.2 y anteriores, Ultrasound CX Versiones 5.0.2 y anteriores, Ultrasound EPIQ/Affiniti Versiones VM5.0 y anteriores, Ultrasound Sparq Versiones 3.0.2 y anteriores y Ultrasound Xperius todas las versiones, un atacante puede usar una ruta alternativa o canal que no requiere autenticaci\\u00f3n del inicio de sesi\\u00f3n de servicio alternativo para visualizar o modificar informaci\\u00f3n\"}]",
      "id": "CVE-2020-14477",
      "lastModified": "2024-11-21T05:03:21.340",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\", \"baseScore\": 4.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 2.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 3.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-26T17:15:10.280",
      "references": "[{\"url\": \"https://www.us-cert.gov/ics/advisories/icsma-20-177-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.us-cert.gov/ics/advisories/icsma-20-177-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-288\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-14477\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2020-06-26T17:15:10.280\",\"lastModified\":\"2025-06-04T22:15:22.960\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.\"},{\"lang\":\"es\",\"value\":\"En Philips Ultrasound ClearVue Versiones 3.2 y anteriores, Ultrasound CX Versiones 5.0.2 y anteriores, Ultrasound EPIQ/Affiniti Versiones VM5.0 y anteriores, Ultrasound Sparq Versiones 3.0.2 y anteriores y Ultrasound Xperius todas las versiones, un atacante puede usar una ruta alternativa o canal que no requiere autenticaci\u00f3n del inicio de sesi\u00f3n de servicio alternativo para visualizar o modificar informaci\u00f3n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":3.6,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.0,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":4.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":3.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-288\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:clearvue_850_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.2\",\"matchCriteriaId\":\"41EF47AE-DEA9-4084-BC3C-75A2972B5EBC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:clearvue_850:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85C19542-2EF6-490F-8DC9-9AF23DB758B9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:clearvue_350_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.2\",\"matchCriteriaId\":\"2C941F34-8A4B-4F52-B341-374F3BF291D7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:clearvue_350:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1BB7CF7-FD91-45AF-8C30-32A2DC7BE7D6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:cx50_firmware:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F897C7E9-8939-44B7-BDDE-EBDBC7B4AB43\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:cx50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E46E77E-C7EB-44A2-823D-FE0E834818AE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:affiniti_70_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0\",\"matchCriteriaId\":\"C2C0626D-174F-4228-8F89-EDE240D4E65B\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:affiniti_70:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB4F2CA8-2D99-445B-B93D-5CD7A727DA9F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:affiniti_50_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0\",\"matchCriteriaId\":\"22C5C609-110C-46AC-87C2-09599CB1EBFB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:affiniti_50:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCE8A514-5657-49C4-9C5C-60CA8AE56878\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:epiq_7_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.0\",\"matchCriteriaId\":\"1AA21E9F-20B4-457F-84EC-67A591A9EC35\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:epiq_7:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2B0401B-104E-460E-91F6-8F64C0D76C6D\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:sparq_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.0.2\",\"matchCriteriaId\":\"37B54A80-39EA-4EA8-B3EA-467DC8D59E89\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:sparq:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D2F8EF5-A57C-4570-A834-EF5A3C1DFA52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:philips:xperius_firmware:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EC3A16F-8D46-43AB-87EF-6CCD8E344515\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:philips:xperius:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96903833-9A10-4A1A-9AB4-D0B9A3E32035\"}]}]}],\"references\":[{\"url\":\"https://www.us-cert.gov/ics/advisories/icsma-20-177-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.us-cert.gov/ics/advisories/icsma-20-177-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.