VAR-201911-1189
Vulnerability from variot - Updated: 2023-12-18 12:49In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. Tasy EMR and Tasy WebPortal Contains an information disclosure vulnerability.Information may be obtained. Both Philips Tasy EMR and Tasy WebPortal are products of Philips Europe. Tasy WebPortal is a web-based portal system. This vulnerability is caused by a configuration error such as a network system or product running, and an unauthorized attacker can exploit the vulnerability. Sensitive information of affected components
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1189",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tasy webportal",
"scope": "lte",
"trust": 1.8,
"vendor": "philips",
"version": "3.02.1757"
},
{
"model": "tasy emr",
"scope": "lte",
"trust": 1.0,
"vendor": "philips",
"version": "3.02.1744"
},
{
"model": "tasy emr",
"scope": null,
"trust": 0.8,
"vendor": "philips",
"version": null
},
{
"model": "tasy emr",
"scope": "lte",
"trust": 0.6,
"vendor": "philips",
"version": "\u003c=3.02.1744"
},
{
"model": "tasy webportal",
"scope": "lte",
"trust": 0.6,
"vendor": "philips",
"version": "\u003c=3.02.1757"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tasy emr",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "tasy webportal",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "bf15fd31-896f-4833-8181-d347eb34fa8f"
},
{
"db": "CNVD",
"id": "CNVD-2019-41429"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011841"
},
{
"db": "NVD",
"id": "CVE-2019-13557"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:tasy_emr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.02.1744",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:tasy_webportal:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.02.1757",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13557"
}
]
},
"cve": "CVE-2019-13557",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-13557",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-41429",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "bf15fd31-896f-4833-8181-d347eb34fa8f",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-145415",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2019-13557",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-13557",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2019-41429",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-388",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "bf15fd31-896f-4833-8181-d347eb34fa8f",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-145415",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "bf15fd31-896f-4833-8181-d347eb34fa8f"
},
{
"db": "CNVD",
"id": "CNVD-2019-41429"
},
{
"db": "VULHUB",
"id": "VHN-145415"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011841"
},
{
"db": "NVD",
"id": "CVE-2019-13557"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-388"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. Tasy EMR and Tasy WebPortal Contains an information disclosure vulnerability.Information may be obtained. Both Philips Tasy EMR and Tasy WebPortal are products of Philips Europe. Tasy WebPortal is a web-based portal system. This vulnerability is caused by a configuration error such as a network system or product running, and an unauthorized attacker can exploit the vulnerability. Sensitive information of affected components",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-13557"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011841"
},
{
"db": "CNVD",
"id": "CNVD-2019-41429"
},
{
"db": "IVD",
"id": "bf15fd31-896f-4833-8181-d347eb34fa8f"
},
{
"db": "VULHUB",
"id": "VHN-145415"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-13557",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSMA-19-120-01",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201911-388",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2019-41429",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011841",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2019.1473.2",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "47543",
"trust": 0.6
},
{
"db": "IVD",
"id": "BF15FD31-896F-4833-8181-D347EB34FA8F",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-145415",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "bf15fd31-896f-4833-8181-d347eb34fa8f"
},
{
"db": "CNVD",
"id": "CNVD-2019-41429"
},
{
"db": "VULHUB",
"id": "VHN-145415"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011841"
},
{
"db": "NVD",
"id": "CVE-2019-13557"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-388"
}
]
},
"id": "VAR-201911-1189",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "bf15fd31-896f-4833-8181-d347eb34fa8f"
},
{
"db": "CNVD",
"id": "CNVD-2019-41429"
},
{
"db": "VULHUB",
"id": "VHN-145415"
}
],
"trust": 1.40000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "bf15fd31-896f-4833-8181-d347eb34fa8f"
},
{
"db": "CNVD",
"id": "CNVD-2019-41429"
}
]
},
"last_update_date": "2023-12-18T12:49:58.980000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.philips.ae/"
},
{
"title": "Patch for Philips Tasy EMR and Tasy WebPortal Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/191109"
},
{
"title": "Philips Tasy EMR and Tasy WebPortal Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=101857"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41429"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011841"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-388"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-145415"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011841"
},
{
"db": "NVD",
"id": "CVE-2019-13557"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.us-cert.gov/ics/advisories/icsma-19-120-01"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-13557"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13557"
},
{
"trust": 0.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsma-19-120-01"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/47543"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1473.2/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41429"
},
{
"db": "VULHUB",
"id": "VHN-145415"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011841"
},
{
"db": "NVD",
"id": "CVE-2019-13557"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-388"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "bf15fd31-896f-4833-8181-d347eb34fa8f"
},
{
"db": "CNVD",
"id": "CNVD-2019-41429"
},
{
"db": "VULHUB",
"id": "VHN-145415"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011841"
},
{
"db": "NVD",
"id": "CVE-2019-13557"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-388"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "IVD",
"id": "bf15fd31-896f-4833-8181-d347eb34fa8f"
},
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41429"
},
{
"date": "2019-11-08T00:00:00",
"db": "VULHUB",
"id": "VHN-145415"
},
{
"date": "2019-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011841"
},
{
"date": "2019-11-08T18:15:11.403000",
"db": "NVD",
"id": "CVE-2019-13557"
},
{
"date": "2019-11-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-388"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-41429"
},
{
"date": "2019-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-145415"
},
{
"date": "2019-11-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011841"
},
{
"date": "2019-11-13T19:35:02.707000",
"db": "NVD",
"id": "CVE-2019-13557"
},
{
"date": "2020-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-388"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-388"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Tasy EMR and Tasy WebPortal Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-41429"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-388"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-388"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…