CVE-2017-14111
Last modified
CVE-2017-14111 is a vulnerability of currently unknown severity. The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.. EPSS estimates a 2.17% chance of exploitation in the next 30 days.
Description
The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Philips | Intellispace Cardiovascular | <= 2.3.0 |
| Philips | Xcelera | <= r4.1l1 |
References
- http://www.securityfocus.com/bid/101850Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01Issue Tracking, Third Party Advisory, US Government Resource
- https://www.usa.philips.com/healthcare/about/customer-support/product-securityIssue Tracking, Mitigation, Vendor Advisory
- http://www.securityfocus.com/bid/101850Third Party Advisory, VDB Entry
- https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01Issue Tracking, Third Party Advisory, US Government Resource
- https://www.usa.philips.com/healthcare/about/customer-support/product-securityIssue Tracking, Mitigation, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-14111?
How severe is CVE-2017-14111?
How do I fix CVE-2017-14111?
Are you affected by CVE-2017-14111?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST