ID

VAR-201711-0046


CVE

CVE-2017-14111


TITLE

Philips IntelliSpace Cardiovascular and Xcelera Vulnerabilities related to certificate and password management

Trust: 0.8

sources: JVNDB: JVNDB-2017-010491

DESCRIPTION

The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which, if accessed, allows an attacker to use the credentials to access the application or other user entitlements. Philips IntelliSpace Cardiovascular (ISCV) and Xcelera contain vulnerabilities related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). The Philips IntelliSpace Cardiovascular and Xcelera systems (Xcelera is the predecessor to IntelliSpace Cardiovascular) are comprehensive cardiac imaging and information management software. A plaintext storage vulnerability exists in the Philips IntelliSpace Cardiovascular System and Xcelera System. Credentials are stored in clear text in system files, resulting in highly privileged attackers gaining unauthorized access to data, including patient health information, and to system resources, and in misuse of connections and assets. This may lead to further attacks. The vulnerability is caused by the program storing certificates in clear text in system files.

Trust: 2.7

sources: NVD: CVE-2017-14111 // JVNDB: JVNDB-2017-010491 // CNVD: CNVD-2017-34035 // BID: 101850 // IVD: 01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea // VULHUB: VHN-104801

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: 01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea // CNVD: CNVD-2017-34035

AFFECTED PRODUCTS

vendor: philips, model: intellispace cardiovascular, scope: lte, version: 2.3.0

Trust: 1.8

vendor: philips, model: xcelera, scope: lte, version: r4.1l1

Trust: 1.8

vendor: philips, model: intellispace cardiovascular, scope: lte, version: <=2.3.0

Trust: 0.6

vendor: philips, model: xcelera <=r4.1l1, scope: -, version: -

Trust: 0.6

vendor: philips, model: xcelera, scope: eq, version: r4.1l1

Trust: 0.6

vendor: philips, model: intellispace cardiovascular, scope: eq, version: 2.3.0

Trust: 0.6

vendor: philips, model: xcelera r4.1l1, scope: -, version: -

Trust: 0.3

vendor: philips, model: intellispace cardiovascular, scope: eq, version: 2.3

Trust: 0.3

vendor: intellispace cardiovascular, model: -, scope: eq, version: *

Trust: 0.2

vendor: xcelera, model: -, scope: eq, version: *

Trust: 0.2

sources: IVD: 01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea // CNVD: CNVD-2017-34035 // BID: 101850 // JVNDB: JVNDB-2017-010491 // CNNVD: CNNVD-201709-015 // NVD: CVE-2017-14111

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-14111
value: HIGH

Trust: 1.0

NVD: CVE-2017-14111
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-34035
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201709-015
value: HIGH

Trust: 0.6

IVD: 01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea
value: HIGH

Trust: 0.2

VULHUB: VHN-104801
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-14111
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-34035
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-104801
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-14111
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: 01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea // CNVD: CNVD-2017-34035 // VULHUB: VHN-104801 // JVNDB: JVNDB-2017-010491 // CNNVD: CNNVD-201709-015 // NVD: CVE-2017-14111

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-104801 // JVNDB: JVNDB-2017-010491 // NVD: CVE-2017-14111

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-015

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201709-015

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010491

PATCH

title: CUSTOMER INFORMATION on IntelliSpace Cardiovascular and Xcelera Vulnerabilities, url: https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 0.8

title: Philips IntelliSpace Cardiovascular and Xcelera Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76098

Trust: 0.6

sources: JVNDB: JVNDB-2017-010491 // CNNVD: CNNVD-201709-015

EXTERNAL IDS

db: NVD, id: CVE-2017-14111

Trust: 3.6

db: ICS CERT, id: ICSMA-17-318-01

Trust: 3.4

db: BID, id: 101850

Trust: 2.0

db: CNNVD, id: CNNVD-201709-015

Trust: 0.9

db: CNVD, id: CNVD-2017-34035

Trust: 0.8

db: JVNDB, id: JVNDB-2017-010491

Trust: 0.8

db: IVD, id: 01F9D4B4-BDCF-49BF-83AA-05B63DA7E5EA

Trust: 0.2

db: VULHUB, id: VHN-104801

Trust: 0.1

sources: IVD: 01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea // CNVD: CNVD-2017-34035 // VULHUB: VHN-104801 // BID: 101850 // JVNDB: JVNDB-2017-010491 // CNNVD: CNNVD-201709-015 // NVD: CVE-2017-14111

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-17-318-01

Trust: 3.4

url:http://www.securityfocus.com/bid/101850

Trust: 1.7

url:https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-14111

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-14111

Trust: 0.8

url:http://www.isssource.com/philips-clears-hole-in-medical-systems/

Trust: 0.3

sources: CNVD: CNVD-2017-34035 // VULHUB: VHN-104801 // BID: 101850 // JVNDB: JVNDB-2017-010491 // CNNVD: CNNVD-201709-015 // NVD: CVE-2017-14111

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 101850

SOURCES

db: IVD, id: 01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea
db: CNVD, id: CNVD-2017-34035
db: VULHUB, id: VHN-104801
db: BID, id: 101850
db: JVNDB, id: JVNDB-2017-010491
db: CNNVD, id: CNNVD-201709-015
db: NVD, id: CVE-2017-14111

LAST UPDATE DATE

2025-04-20T23:40:00.135000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-34035, date: 2017-11-16T00:00:00
db: VULHUB, id: VHN-104801, date: 2019-10-03T00:00:00
db: BID, id: 101850, date: 2017-12-19T22:37:00
db: JVNDB, id: JVNDB-2017-010491, date: 2017-12-15T00:00:00
db: CNNVD, id: CNNVD-201709-015, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2017-14111, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: IVD, id: 01f9d4b4-bdcf-49bf-83aa-05b63da7e5ea, date: 2017-11-16T00:00:00
db: CNVD, id: CNVD-2017-34035, date: 2017-11-16T00:00:00
db: VULHUB, id: VHN-104801, date: 2017-11-17T00:00:00
db: BID, id: 101850, date: 2017-11-14T00:00:00
db: JVNDB, id: JVNDB-2017-010491, date: 2017-12-15T00:00:00
db: CNNVD, id: CNNVD-201709-015, date: 2017-11-14T00:00:00
db: NVD, id: CVE-2017-14111, date: 2017-11-17T20:29:00.323