CVE-2017-9656
CRITICALPhilips DoseWise Portal <2.1.1.3069 - Info Disclosure
Title source: llmDescription
The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/100471
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01
Vendor Advisory x_refsource_confirm
http://www.philips.com/productsecurity
Scores
CVSS v3
9.1
EPSS
0.0233
EPSS Percentile
81.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (2)
philips/dosewise
1.1.7.333
philips/dosewise
2.1.1.3069
Published
Apr 24, 2018
Tracked Since
Feb 18, 2026