VAR-202101-0372
Vulnerability from variot - Updated: 2023-12-18 13:23
Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize, or incorrectly neutralizes, special elements that could modify the intended OS command when it is sent to a downstream component. Multiple interventional workstation products provided by Philips contain an OS command injection (CWE-78) vulnerability. An attacker on an adjacent network could shut down or restart the workstation. Several Philips products contain a security vulnerability that could allow an attacker to modify system commands that the system is expected to execute.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0372",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "interventional workspot",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "1.4.0"
},
{
"model": "interventional workspot",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "1.4.5"
},
{
"model": "interventional workspot",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "1.4.3"
},
{
"model": "interventional workspot",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "1.4.1"
},
{
"model": "interventional workspot",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "1.3.2"
},
{
"model": "coronary tools",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "1.0"
},
{
"model": "stentboost live",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "1.0"
},
{
"model": "dynamic coronary roadmap",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "1.0"
},
{
"model": "viewforum",
"scope": "eq",
"trust": 1.0,
"vendor": "philips",
"version": "6.3v1l10"
},
{
"model": "coronary tools/dynamic coronary roadmap/stentboost live",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "(release 1.0)"
},
{
"model": "interventional workspot",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "(release 1.3.2\u30011.4.0\u30011.4.1\u30011.4.3\u30011.4.5)"
},
{
"model": "viewforum",
"scope": "eq",
"trust": 0.8,
"vendor": "philips",
"version": "(release 6.3v1l10)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001009"
},
{
"db": "NVD",
"id": "CVE-2020-27298"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:philips:coronary_tools:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:dynamic_coronary_roadmap:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:interventional_workspot:1.3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:interventional_workspot:1.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:interventional_workspot:1.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:interventional_workspot:1.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:interventional_workspot:1.4.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:stentboost_live:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:philips:viewforum:6.3v1l10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27298"
}
]
},
"cve": "CVE-2020-27298",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-370818",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2020-27298",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA score",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2021-001009",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-27298",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2021-001009",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-1616",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-370818",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2020-27298",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370818"
},
{
"db": "VULMON",
"id": "CVE-2020-27298"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001009"
},
{
"db": "NVD",
"id": "CVE-2020-27298"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1616"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize, or incorrectly neutralizes, special elements that could modify the intended OS command when it is sent to a downstream component. Multiple interventional workstation products provided by Philips contain an OS command injection (CWE-78) vulnerability. An attacker on an adjacent network could shut down or restart the workstation. Several Philips products contain a security vulnerability that could allow an attacker to modify system commands that the system is expected to execute.",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-27298"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001009"
},
{
"db": "VULHUB",
"id": "VHN-370818"
},
{
"db": "VULMON",
"id": "CVE-2020-27298"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-27298",
"trust": 2.6
},
{
"db": "ICS CERT",
"id": "ICSMA-21-019-01",
"trust": 2.6
},
{
"db": "JVN",
"id": "JVNVU99865781",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001009",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1616",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.0229",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-370818",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-27298",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370818"
},
{
"db": "VULMON",
"id": "CVE-2020-27298"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001009"
},
{
"db": "NVD",
"id": "CVE-2020-27298"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1616"
}
]
},
"id": "VAR-202101-0372",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-370818"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:23:01.021000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Customer Service Solutions",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/solutions/customer-service-solutions"
},
{
"title": "Product Security",
"trust": 0.8,
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"title": "Philips Various product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=139868"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001009"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1616"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370818"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001009"
},
{
"db": "NVD",
"id": "CVE-2020-27298"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27298"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu99865781"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27298"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0229/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195254"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-370818"
},
{
"db": "VULMON",
"id": "CVE-2020-27298"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001009"
},
{
"db": "NVD",
"id": "CVE-2020-27298"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1616"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-370818"
},
{
"db": "VULMON",
"id": "CVE-2020-27298"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-001009"
},
{
"db": "NVD",
"id": "CVE-2020-27298"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1616"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-26T00:00:00",
"db": "VULHUB",
"id": "VHN-370818"
},
{
"date": "2021-01-26T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27298"
},
{
"date": "2021-01-21T05:09:27",
"db": "JVNDB",
"id": "JVNDB-2021-001009"
},
{
"date": "2021-01-26T18:15:45.990000",
"db": "NVD",
"id": "CVE-2020-27298"
},
{
"date": "2021-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1616"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-370818"
},
{
"date": "2021-02-02T00:00:00",
"db": "VULMON",
"id": "CVE-2020-27298"
},
{
"date": "2021-01-21T05:09:27",
"db": "JVNDB",
"id": "JVNDB-2021-001009"
},
{
"date": "2021-02-02T19:03:37.457000",
"db": "NVD",
"id": "CVE-2020-27298"
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1616"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1616"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "OS command injection vulnerabilities in multiple Philips interventional workstation products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-001009"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1616"
}
],
"trust": 0.6
}
}