CVE-2017-14111

HIGH

Philips IntelliSpace Cardiovascular <2.3.0 - Info Disclosure

Description

The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which, if accessed, allow an attacker to use the credentials to access the application or other user entitlements.

References (3)

Core References
Issue Tracking, Mitigation, Vendor Advisory x_refsource_confirm
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101850
Issue Tracking, Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01

Scores

CVSS v3 7.2
EPSS 0.0217
EPSS Percentile 80.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-522
Status published
Products (2)
philips/intellispace_cardiovascular < 2.3.0
philips/xcelera < r4.1l1
Published Nov 17, 2017
Tracked Since Feb 18, 2026