CVE-2020-14477
Last modified
CVE-2020-14477 is a medium-severity vulnerability rated 4.4/10 on the CVSS scale. In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.. EPSS estimates a 0.27% chance of exploitation in the next 30 days.
Description
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Philips | Clearvue 850 Firmware | <= 3.2 |
| Philips | Clearvue 350 Firmware | <= 3.2 |
| Philips | Cx50 Firmware | 5.0.2 |
| Philips | Affiniti 70 Firmware | <= 5.0 |
| Philips | Affiniti 50 Firmware | <= 5.0 |
| Philips | Epiq 7 Firmware | <= 5.0 |
| Philips | Sparq Firmware | <= 3.0.2 |
| Philips | Xperius Firmware | All versions |
References
- https://www.us-cert.gov/ics/advisories/icsma-20-177-01Third Party Advisory, US Government Resource
- https://www.us-cert.gov/ics/advisories/icsma-20-177-01Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2020-14477?
How severe is CVE-2020-14477?
How do I fix CVE-2020-14477?
Are you affected by CVE-2020-14477?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST