Workstation Logging Flaw in Philips IntelliSpace Cardiovascular and Xcelera Products
CVE-2017-14111

7.2HIGH

Key Information:

Vendor
Philips
Status
Xcelera
Intellispace Cardiovascular
Vendor
CVE Published:
17 November 2017

Summary

A vulnerability exists in the workstation logging function of Philips IntelliSpace Cardiovascular and Xcelera products, where sensitive domain authentication credentials may be improperly recorded. This information, if accessed by unauthorized individuals, could enable them to gain access to the application and associated user entitlements, potentially compromising user accounts and system integrity.

References

https://www.usa.philips.com/healthcare/about/customer-sup...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/101850
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.