CVE-2020-27298
MEDIUM
Philips Interventional Workspot 1.3.2/1.4.0/1.4.1/1.4.3/1.4.5 - OS Command Injection
Title source: llm
Description
Affected products: Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component, but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
References (3)
Core References
Third Party Advisory, US Government Resource
https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01
Various Sources
https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive
Third Party Advisory, US Government Resource x_refsource_misc
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-019-01
Scores
CVSS v3
6.5
EPSS
0.0084
EPSS Percentile
53.1%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-78
Status
published
Products (9)
philips/coronary_tools
1.0
philips/dynamic_coronary_roadmap
1.0
philips/interventional_workspot
1.3.2
philips/interventional_workspot
1.4.0
philips/interventional_workspot
1.4.1
philips/interventional_workspot
1.4.3
philips/interventional_workspot
1.4.5
philips/stentboost_live
1.0
philips/viewforum
6.3v1l10
Published
Jan 26, 2021
Tracked Since
Feb 18, 2026