7.2

CVE-2017-14111

The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhilipsIntellispace Cardiovascular Version <= 2.3.0
PhilipsXcelera Version <= r4.1l1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.18% 0.8
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 1.2 5.9
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-522 Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

http://www.securityfocus.com/bid/101850
Third Party Advisory
VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01
Third Party Advisory
US Government Resource
Issue Tracking
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Vendor Advisory
Issue Tracking
Mitigation