Vulnerability-Lookup

CNVD-2019-31326

Vulnerability from cnvd - Published: 2019-09-14

Title

Philips HDI 4000 Ultrasound Systems存在未明漏洞

Description

Philips HDI 4000 Ultrasound Systems是欧洲飞利浦（Philips）公司的一套用于医疗行业的超声波检查设备。 Philips HDI 4000 Ultrasound Systems（运行在不再支持的旧操作系统例如，Windows 2000）中存在安全漏洞。攻击者可利用该漏洞泄露超声图像并影响图像的完整性。

Severity

低

Formal description

据厂商提供的信息，该产品已停止更新，相关信息请随时关注厂商主页： https://www.philips.com

Reference

https://www.us-cert.gov/ics/advisories/icsma-19-241-02

Impacted products

Name
Philips HDI 4000 Ultrasound Systems

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-10988"
    }
  },
  "description": "Philips HDI 4000 Ultrasound Systems\u662f\u6b27\u6d32\u98de\u5229\u6d66\uff08Philips\uff09\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u533b\u7597\u884c\u4e1a\u7684\u8d85\u58f0\u6ce2\u68c0\u67e5\u8bbe\u5907\u3002\n\nPhilips HDI 4000 Ultrasound Systems\uff08\u8fd0\u884c\u5728\u4e0d\u518d\u652f\u6301\u7684\u65e7\u64cd\u4f5c\u7cfb\u7edf\u4f8b\u5982\uff0cWindows 2000\uff09\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6cc4\u9732\u8d85\u58f0\u56fe\u50cf\u5e76\u5f71\u54cd\u56fe\u50cf\u7684\u5b8c\u6574\u6027\u3002",
  "discovererName": "Check Point",
  "formalWay": "\u636e\u5382\u5546\u63d0\u4f9b\u7684\u4fe1\u606f\uff0c\u8be5\u4ea7\u54c1\u5df2\u505c\u6b62\u66f4\u65b0\uff0c\u76f8\u5173\u4fe1\u606f\u8bf7\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.philips.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-31326",
  "openTime": "2019-09-14",
  "products": {
    "product": "Philips HDI 4000 Ultrasound Systems"
  },
  "referenceLink": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02",
  "serverity": "\u4f4e",
  "submitTime": "2019-09-02",
  "title": "Philips HDI 4000 Ultrasound Systems\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2019-10988 (GCVE-0-2019-10988)

Vulnerability from cvelistv5 – Published: 2019-09-04 13:36 – Updated: 2024-08-04 22:40

Summary

In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product.

Severity ?

No CVSS data available.

CWE

CWE-477 - USE OF OBSOLETE FUNCTION CWE-477

Assigner

icscert

References

URL

Tags

https://www.us-cert.gov/ics/advisories/icsma-19-241-02

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	Philips HDI 4000 Ultrasound Systems	Affected: All versions running on old, unsupported operating systems such as Windows 2000.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:40:15.537Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Philips HDI 4000 Ultrasound Systems",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions running on old, unsupported operating systems such as Windows 2000."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-477",
              "description": "USE OF OBSOLETE FUNCTION CWE-477",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-09-04T13:36:31",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2019-10988",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Philips HDI 4000 Ultrasound Systems",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions running on old, unsupported operating systems such as Windows 2000."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Philips HDI 4000 Ultrasound Systems, all versions running on old, unsupported operating systems such as Windows 2000, the HDI 4000 Ultrasound System is built on an old operating system that is no longer supported. Thus, any unmitigated vulnerability in the old operating system could be exploited to affect this product."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "USE OF OBSOLETE FUNCTION CWE-477"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02",
              "refsource": "MISC",
              "url": "https://www.us-cert.gov/ics/advisories/icsma-19-241-02"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2019-10988",
    "datePublished": "2019-09-04T13:36:31",
    "dateReserved": "2019-04-08T00:00:00",
    "dateUpdated": "2024-08-04T22:40:15.537Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2019-31326

CVE-2019-10988 (GCVE-0-2019-10988)

Tags

Sightings

Nomenclature