Description
Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The Philips e-Alert contains a banner disclosure vulnerability that could allow attackers to obtain extraneous product information, such as OS and software components, via the HTTP response header that is normally not available to the attacker, but might be useful information in an attack.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105194
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
Scores
CVSS v3
5.3
EPSS
0.0174
EPSS Percentile
74.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
philips/e-alert_firmware
< r2.1
Published
Sep 26, 2018
Tracked Since
Feb 18, 2026