Search

Find a vulnerability

Search criteria

    22 vulnerabilities found for intellispace_portal by philips

    CVE-2018-5474 (GCVE-0-2018-5474)

    Vulnerability from nvd – Published: 2018-03-26 14:00 – Updated: 2024-09-16 17:14
    VLAI
    Summary
    Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - IMPROPER INPUT VALIDATION CWE-20
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:49.789Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "IMPROPER INPUT VALIDATION CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5474",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER INPUT VALIDATION CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5474",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:11.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5472 (GCVE-0-2018-5472)

    Vulnerability from nvd – Published: 2018-03-26 14:00 – Updated: 2024-09-17 00:10
    VLAI
    Summary
    Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-264 - PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:49.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5472",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5472",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:10:29.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5470 (GCVE-0-2018-5470)

    Vulnerability from nvd – Published: 2018-03-26 14:00 – Updated: 2024-09-16 23:01
    VLAI
    Summary
    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-428 - UNQUOTED SEARCH PATH OR ELEMENT CWE-428
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "UNQUOTED SEARCH PATH OR ELEMENT CWE-428",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5470",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNQUOTED SEARCH PATH OR ELEMENT CWE-428"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5470",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:01:40.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5468 (GCVE-0-2018-5468)

    Vulnerability from nvd – Published: 2018-03-26 14:00 – Updated: 2024-09-16 17:38
    VLAI
    Summary
    Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code
    Severity
    No CVSS data available.
    CWE
    • CWE-264 - PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5468",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5468",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:38:00.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5466 (GCVE-0-2018-5466)

    Vulnerability from nvd – Published: 2018-03-26 14:00 – Updated: 2024-09-17 00:21
    VLAI
    Summary
    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
    Severity
    No CVSS data available.
    CWE
    • CWE-310 - CRYPTOGRAPHIC ISSUES CWE-310
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CRYPTOGRAPHIC ISSUES CWE-310",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5466",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CRYPTOGRAPHIC ISSUES CWE-310"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5466",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:21:12.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5464 (GCVE-0-2018-5464)

    Vulnerability from nvd – Published: 2018-03-26 14:00 – Updated: 2024-09-16 23:10
    VLAI
    Summary
    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
    Severity
    No CVSS data available.
    CWE
    • CWE-310 - CRYPTOGRAPHIC ISSUES CWE-310
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CRYPTOGRAPHIC ISSUES CWE-310",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5464",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CRYPTOGRAPHIC ISSUES CWE-310"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5464",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:10:46.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5462 (GCVE-0-2018-5462)

    Vulnerability from nvd – Published: 2018-03-26 14:00 – Updated: 2024-09-16 16:14
    VLAI
    Summary
    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
    Severity
    No CVSS data available.
    CWE
    • CWE-310 - CRYPTOGRAPHIC ISSUES CWE-310
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CRYPTOGRAPHIC ISSUES CWE-310",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5462",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CRYPTOGRAPHIC ISSUES CWE-310"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5462",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:14:03.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5458 (GCVE-0-2018-5458)

    Vulnerability from nvd – Published: 2018-03-26 14:00 – Updated: 2024-09-17 03:53
    VLAI
    Summary
    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information.
    Severity
    No CVSS data available.
    CWE
    • CWE-310 - CRYPTOGRAPHIC ISSUES CWE-310
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CRYPTOGRAPHIC ISSUES CWE-310",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5458",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CRYPTOGRAPHIC ISSUES CWE-310"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5458",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:53:33.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5454 (GCVE-0-2018-5454)

    Vulnerability from nvd – Published: 2018-03-26 14:00 – Updated: 2024-09-16 16:57
    VLAI
    Summary
    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime.
    Severity
    No CVSS data available.
    CWE
    • CWE-489 - LEFTOVER DEBUG CODE CWE-489
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-489",
                  "description": "LEFTOVER DEBUG CODE CWE-489",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5454",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "LEFTOVER DEBUG CODE CWE-489"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5454",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:57:42.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0199 (GCVE-0-2017-0199)

    Vulnerability from nvd – Published: 2017-04-12 14:00 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Corporation Office/WordPad Affected: Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8.1
    Create a notification for this product.
    Date Public
    2017-04-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:19.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "97498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97498"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html"
              },
              {
                "name": "41894",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41894/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/"
              },
              {
                "name": "41934",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41934/"
              },
              {
                "name": "42995",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42995/"
              },
              {
                "name": "1038224",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038224"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-0199",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T16:34:00.424194Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0199"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:42.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0199"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2017-0199 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Office/WordPad",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8.1"
                }
              ]
            }
          ],
          "datePublic": "2017-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T15:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "97498",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97498"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html"
            },
            {
              "name": "41894",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41894/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/"
            },
            {
              "name": "41934",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41934/"
            },
            {
              "name": "42995",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42995/"
            },
            {
              "name": "1038224",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038224"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0199",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Office/WordPad",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "97498",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97498"
                },
                {
                  "name": "https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/",
                  "refsource": "MISC",
                  "url": "https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/"
                },
                {
                  "name": "http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html",
                  "refsource": "MISC",
                  "url": "http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html"
                },
                {
                  "name": "41894",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41894/"
                },
                {
                  "name": "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html",
                  "refsource": "MISC",
                  "url": "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                },
                {
                  "name": "https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/",
                  "refsource": "MISC",
                  "url": "https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/"
                },
                {
                  "name": "41934",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41934/"
                },
                {
                  "name": "42995",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42995/"
                },
                {
                  "name": "1038224",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038224"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0199",
        "datePublished": "2017-04-12T14:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:42.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0143 (GCVE-0-2017-0143)

    Vulnerability from nvd – Published: 2017-03-17 00:00 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows SMB Affected: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607
    Create a notification for this product.
    Date Public
    2017-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:18.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "41891",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41891/"
              },
              {
                "name": "96703",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96703"
              },
              {
                "name": "1037991",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037991"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143"
              },
              {
                "name": "41987",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41987/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf"
              },
              {
                "name": "43970",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/43970/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-0143",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T14:58:10.396687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0143"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:44.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0143"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2017-0143 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows SMB",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
                }
              ]
            }
          ],
          "datePublic": "2017-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-04T16:06:11.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "41891",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41891/"
            },
            {
              "name": "96703",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96703"
            },
            {
              "name": "1037991",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1037991"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143"
            },
            {
              "name": "41987",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41987/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf"
            },
            {
              "name": "43970",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/43970/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0143",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows SMB",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "41891",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41891/"
                },
                {
                  "name": "96703",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96703"
                },
                {
                  "name": "1037991",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1037991"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143"
                },
                {
                  "name": "41987",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41987/"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf"
                },
                {
                  "name": "43970",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/43970/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0143",
        "datePublished": "2017-03-17T00:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:44.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5468 (GCVE-0-2018-5468)

    Vulnerability from cvelistv5 – Published: 2018-03-26 14:00 – Updated: 2024-09-16 17:38
    VLAI
    Summary
    Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code
    Severity
    No CVSS data available.
    CWE
    • CWE-264 - PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5468",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote desktop access vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code"
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5468",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:38:00.448Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5470 (GCVE-0-2018-5470)

    Vulnerability from cvelistv5 – Published: 2018-03-26 14:00 – Updated: 2024-09-16 23:01
    VLAI
    Summary
    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.
    Severity
    No CVSS data available.
    CWE
    • CWE-428 - UNQUOTED SEARCH PATH OR ELEMENT CWE-428
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.334Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-428",
                  "description": "UNQUOTED SEARCH PATH OR ELEMENT CWE-428",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5470",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an unquoted search path or element vulnerability that has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "UNQUOTED SEARCH PATH OR ELEMENT CWE-428"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5470",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:01:40.163Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5462 (GCVE-0-2018-5462)

    Vulnerability from cvelistv5 – Published: 2018-03-26 14:00 – Updated: 2024-09-16 16:14
    VLAI
    Summary
    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
    Severity
    No CVSS data available.
    CWE
    • CWE-310 - CRYPTOGRAPHIC ISSUES CWE-310
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.384Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CRYPTOGRAPHIC ISSUES CWE-310",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5462",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an SSL incorrect hostname certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CRYPTOGRAPHIC ISSUES CWE-310"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5462",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:14:03.659Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5454 (GCVE-0-2018-5454)

    Vulnerability from cvelistv5 – Published: 2018-03-26 14:00 – Updated: 2024-09-16 16:57
    VLAI
    Summary
    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime.
    Severity
    No CVSS data available.
    CWE
    • CWE-489 - LEFTOVER DEBUG CODE CWE-489
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.323Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-489",
                  "description": "LEFTOVER DEBUG CODE CWE-489",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5454",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "LEFTOVER DEBUG CODE CWE-489"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5454",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:57:42.535Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5472 (GCVE-0-2018-5472)

    Vulnerability from cvelistv5 – Published: 2018-03-26 14:00 – Updated: 2024-09-17 00:10
    VLAI
    Summary
    Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.
    Severity
    No CVSS data available.
    CWE
    • CWE-264 - PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:49.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5472",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an insecure windows permissions vulnerability that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5472",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:10:29.230Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5474 (GCVE-0-2018-5474)

    Vulnerability from cvelistv5 – Published: 2018-03-26 14:00 – Updated: 2024-09-16 17:14
    VLAI
    Summary
    Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - IMPROPER INPUT VALIDATION CWE-20
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:49.789Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "IMPROPER INPUT VALIDATION CWE-20",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5474",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input validation vulnerability that could allow a remote attacker to execute arbitrary code or cause the application to crash."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER INPUT VALIDATION CWE-20"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5474",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:14:11.452Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5464 (GCVE-0-2018-5464)

    Vulnerability from cvelistv5 – Published: 2018-03-26 14:00 – Updated: 2024-09-16 23:10
    VLAI
    Summary
    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
    Severity
    No CVSS data available.
    CWE
    • CWE-310 - CRYPTOGRAPHIC ISSUES CWE-310
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.479Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CRYPTOGRAPHIC ISSUES CWE-310",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5464",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an untrusted SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CRYPTOGRAPHIC ISSUES CWE-310"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5464",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:10:46.604Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5458 (GCVE-0-2018-5458)

    Vulnerability from cvelistv5 – Published: 2018-03-26 14:00 – Updated: 2024-09-17 03:53
    VLAI
    Summary
    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information.
    Severity
    No CVSS data available.
    CWE
    • CWE-310 - CRYPTOGRAPHIC ISSUES CWE-310
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.341Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CRYPTOGRAPHIC ISSUES CWE-310",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5458",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a vulnerability using SSL legacy encryption that could allow an attacker to gain unauthorized access to resources and information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CRYPTOGRAPHIC ISSUES CWE-310"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5458",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T03:53:33.571Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5466 (GCVE-0-2018-5466)

    Vulnerability from cvelistv5 – Published: 2018-03-26 14:00 – Updated: 2024-09-17 00:21
    VLAI
    Summary
    Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information.
    Severity
    No CVSS data available.
    CWE
    • CWE-310 - CRYPTOGRAPHIC ISSUES CWE-310
    Assigner
    References
    Impacted products
    Vendor Product Version
    Philips Philips IntelliSpace Portal Affected: 8.0.x
    Affected: 7.0.x
    Create a notification for this product.
    Date Public
    2018-02-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:33:44.468Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
              },
              {
                "name": "103182",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/103182"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Philips IntelliSpace Portal",
              "vendor": "Philips",
              "versions": [
                {
                  "status": "affected",
                  "version": "8.0.x"
                },
                {
                  "status": "affected",
                  "version": "7.0.x"
                }
              ]
            }
          ],
          "datePublic": "2018-02-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-310",
                  "description": "CRYPTOGRAPHIC ISSUES CWE-310",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
            },
            {
              "name": "103182",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/103182"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-02-27T00:00:00",
              "ID": "CVE-2018-5466",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Philips IntelliSpace Portal",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "8.0.x"
                              },
                              {
                                "version_value": "7.0.x"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Philips"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a self-signed SSL certificate vulnerability this could allow an attacker to gain unauthorized access to resources and information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CRYPTOGRAPHIC ISSUES CWE-310"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
                  "refsource": "CONFIRM",
                  "url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
                },
                {
                  "name": "103182",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/103182"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-5466",
        "datePublished": "2018-03-26T14:00:00.000Z",
        "dateReserved": "2018-01-12T00:00:00.000Z",
        "dateUpdated": "2024-09-17T00:21:12.905Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0199 (GCVE-0-2017-0199)

    Vulnerability from cvelistv5 – Published: 2017-04-12 14:00 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Corporation Office/WordPad Affected: Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8.1
    Create a notification for this product.
    Date Public
    2017-04-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:19.131Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "97498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/97498"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html"
              },
              {
                "name": "41894",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41894/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/"
              },
              {
                "name": "41934",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41934/"
              },
              {
                "name": "42995",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/42995/"
              },
              {
                "name": "1038224",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1038224"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-0199",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T16:34:00.424194Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0199"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:42.609Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0199"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2017-0199 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Office/WordPad",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8.1"
                }
              ]
            }
          ],
          "datePublic": "2017-04-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-03-27T15:57:02.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "97498",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/97498"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html"
            },
            {
              "name": "41894",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41894/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/"
            },
            {
              "name": "41934",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41934/"
            },
            {
              "name": "42995",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/42995/"
            },
            {
              "name": "1038224",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1038224"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0199",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Office/WordPad",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka \"Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "97498",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/97498"
                },
                {
                  "name": "https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/",
                  "refsource": "MISC",
                  "url": "https://blog.nviso.be/2017/04/12/analysis-of-a-cve-2017-0199-malicious-rtf-document/"
                },
                {
                  "name": "http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html",
                  "refsource": "MISC",
                  "url": "http://rewtin.blogspot.nl/2017/04/cve-2017-0199-practical-exploitation-poc.html"
                },
                {
                  "name": "41894",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41894/"
                },
                {
                  "name": "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html",
                  "refsource": "MISC",
                  "url": "https://www.fireeye.com/blog/threat-research/2017/04/cve-2017-0199_useda.html"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                },
                {
                  "name": "https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/",
                  "refsource": "MISC",
                  "url": "https://www.mdsec.co.uk/2017/04/exploiting-cve-2017-0199-hta-handler-vulnerability/"
                },
                {
                  "name": "41934",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41934/"
                },
                {
                  "name": "42995",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/42995/"
                },
                {
                  "name": "1038224",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1038224"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0199",
        "datePublished": "2017-04-12T14:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:42.609Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-0143 (GCVE-0-2017-0143)

    Vulnerability from cvelistv5 – Published: 2017-03-17 00:00 – Updated: 2025-10-21 23:55
    VLAI CISA KEVIntel
    Summary
    The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148.
    SSVC
    Exploitation: active Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Microsoft Corporation Windows SMB Affected: The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607
    Create a notification for this product.
    Date Public
    2017-03-14 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T12:55:18.661Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "41891",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41891/"
              },
              {
                "name": "96703",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/96703"
              },
              {
                "name": "1037991",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037991"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143"
              },
              {
                "name": "41987",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/41987/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf"
              },
              {
                "name": "43970",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/43970/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2017-0143",
                    "options": [
                      {
                        "Exploitation": "active"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-10T14:58:10.396687Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              },
              {
                "other": {
                  "content": {
                    "dateAdded": "2021-11-03",
                    "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0143"
                  },
                  "type": "kev"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "description": "CWE-noinfo Not enough information",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-10-21T23:55:44.821Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "government-resource"
                ],
                "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2017-0143"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2021-11-03T00:00:00.000Z",
                "value": "CVE-2017-0143 added to CISA KEV"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Windows SMB",
              "vendor": "Microsoft Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
                }
              ]
            }
          ],
          "datePublic": "2017-03-14T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Remote Code Execution",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-04T16:06:11.000Z",
            "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
            "shortName": "microsoft"
          },
          "references": [
            {
              "name": "41891",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41891/"
            },
            {
              "name": "96703",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/96703"
            },
            {
              "name": "1037991",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1037991"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143"
            },
            {
              "name": "41987",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/41987/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf"
            },
            {
              "name": "43970",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/43970/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secure@microsoft.com",
              "ID": "CVE-2017-0143",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Windows SMB",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Microsoft Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via crafted packets, aka \"Windows SMB Remote Code Execution Vulnerability.\" This vulnerability is different from those described in CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, and CVE-2017-0148."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Remote Code Execution"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "41891",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41891/"
                },
                {
                  "name": "96703",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/96703"
                },
                {
                  "name": "1037991",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1037991"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdf"
                },
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-058-02"
                },
                {
                  "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143",
                  "refsource": "CONFIRM",
                  "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0143"
                },
                {
                  "name": "41987",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/41987/"
                },
                {
                  "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf",
                  "refsource": "CONFIRM",
                  "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdf"
                },
                {
                  "name": "43970",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/43970/"
                },
                {
                  "name": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/154690/DOUBLEPULSAR-Payload-Execution-Neutralization.html"
                },
                {
                  "name": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/156196/SMB-DOUBLEPULSAR-Remote-Code-Execution.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "assignerShortName": "microsoft",
        "cveId": "CVE-2017-0143",
        "datePublished": "2017-03-17T00:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2025-10-21T23:55:44.821Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }