Description
Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://www.usa.philips.com/healthcare/about/customer-support/product-security
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103182
Third Party Advisory, US Government Resource x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02
Scores
CVSS v3
7.8
EPSS
0.0057
EPSS Percentile
42.4%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-428
CWE-426
Status
published
Products (2)
philips/intellispace_portal
8.0
philips/intellispace_portal
9.0
Published
Mar 26, 2018
Tracked Since
Feb 18, 2026