ID

VAR-201804-0778


CVE

CVE-2017-9654


TITLE

Vulnerability related to certificate and password management in the Philips DoseWise Portal web-based application

Trust: 0.8

sources: JVNDB: JVNDB-2017-013353

DESCRIPTION

The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 store login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The Philips DoseWise Portal web-based application contains a vulnerability related to certificate and password management. Information may be obtained or altered, and service operation may be disrupted (DoS). Philips' DoseWise Portal is a web-based reporting and radiation exposure tracking tool. A plaintext storage vulnerability exists in Philips' DoseWise Portal. Attackers can exploit this issue to obtain sensitive information or bypass the authentication mechanism and gain unauthorized access to the device. DoseWise Portal 1.1.7.333 and 2.1.1.3069 are vulnerable. The platform is used to record, track and analyze radiation exposure to patients and physicians. A remote attacker could exploit this vulnerability to gain access to the DWP application database.

Trust: 2.79

sources: NVD: CVE-2017-9654 // JVNDB: JVNDB-2017-013353 // CNVD: CNVD-2017-22812 // BID: 100471 // IVD: b5d3f202-7804-4a30-a776-5059328187da // VULHUB: VHN-117857 // VULMON: CVE-2017-9654

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 0.8

sources: IVD: b5d3f202-7804-4a30-a776-5059328187da // CNVD: CNVD-2017-22812

AFFECTED PRODUCTS

vendor: philips, model: dosewise, scope: eq, version: 1.1.7.333

Trust: 2.4

vendor: philips, model: dosewise, scope: eq, version: 2.1.1.3069

Trust: 2.4

vendor: philips, model: dosewise portal, scope: gte, version: 1.1.7.333,<=2.1.1.3069

Trust: 0.6

vendor: philips, model: dosewise portal, scope: eq, version: 2.1.1.3069

Trust: 0.3

vendor: philips, model: dosewise portal, scope: eq, version: 1.1.7.333

Trust: 0.3

vendor: dosewise, model: -, scope: eq, version: 1.1.7.333

Trust: 0.2

vendor: dosewise, model: -, scope: eq, version: 2.1.1.3069

Trust: 0.2

sources: IVD: b5d3f202-7804-4a30-a776-5059328187da // CNVD: CNVD-2017-22812 // BID: 100471 // JVNDB: JVNDB-2017-013353 // CNNVD: CNNVD-201706-583 // NVD: CVE-2017-9654

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-9654
value: HIGH

Trust: 1.0

NVD: CVE-2017-9654
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-22812
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201706-583
value: HIGH

Trust: 0.6

IVD: b5d3f202-7804-4a30-a776-5059328187da
value: HIGH

Trust: 0.2

VULHUB: VHN-117857
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-9654
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-9654
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2017-22812
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: b5d3f202-7804-4a30-a776-5059328187da
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-117857
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-9654
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: IVD: b5d3f202-7804-4a30-a776-5059328187da // CNVD: CNVD-2017-22812 // VULHUB: VHN-117857 // VULMON: CVE-2017-9654 // JVNDB: JVNDB-2017-013353 // CNNVD: CNNVD-201706-583 // NVD: CVE-2017-9654

PROBLEMTYPE DATA

problemtype:CWE-522

Trust: 1.1

problemtype:CWE-312

Trust: 1.0

problemtype:CWE-255

Trust: 0.9

sources: VULHUB: VHN-117857 // JVNDB: JVNDB-2017-013353 // NVD: CVE-2017-9654

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201706-583

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201706-583

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-013353

PATCH

title: Philips DoseWise Portal Vulnerabilities (17-AUG-2017), url: https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 0.8

title: Patch for Philips' DoseWise Portal Clear Text Storage Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/100830

Trust: 0.6

title: Philips DoseWise Portal Repair measures for trust management vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99849

Trust: 0.6

sources: CNVD: CNVD-2017-22812 // JVNDB: JVNDB-2017-013353 // CNNVD: CNNVD-201706-583

EXTERNAL IDS

db: NVD, id: CVE-2017-9654

Trust: 3.7

db: ICS CERT, id: ICSMA-17-229-01

Trust: 3.5

db: BID, id: 100471

Trust: 2.1

db: CNNVD, id: CNNVD-201706-583

Trust: 0.9

db: CNVD, id: CNVD-2017-22812

Trust: 0.8

db: JVNDB, id: JVNDB-2017-013353

Trust: 0.8

db: IVD, id: B5D3F202-7804-4A30-A776-5059328187DA

Trust: 0.2

db: VULHUB, id: VHN-117857

Trust: 0.1

db: VULMON, id: CVE-2017-9654

Trust: 0.1

sources: IVD: b5d3f202-7804-4a30-a776-5059328187da // CNVD: CNVD-2017-22812 // VULHUB: VHN-117857 // VULMON: CVE-2017-9654 // BID: 100471 // JVNDB: JVNDB-2017-013353 // CNNVD: CNNVD-201706-583 // NVD: CVE-2017-9654

REFERENCES

url:https://ics-cert.us-cert.gov/advisories/icsma-17-229-01

Trust: 3.5

url:http://www.securityfocus.com/bid/100471

Trust: 1.8

url:http://www.philips.com/productsecurity

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9654

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-9654

Trust: 0.8

url:http://www.usa.philips.com/

Trust: 0.3

url:https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2017-22812 // VULHUB: VHN-117857 // VULMON: CVE-2017-9654 // BID: 100471 // JVNDB: JVNDB-2017-013353 // CNNVD: CNNVD-201706-583 // NVD: CVE-2017-9654

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 100471

SOURCES

db: IVD, id: b5d3f202-7804-4a30-a776-5059328187da
db: CNVD, id: CNVD-2017-22812
db: VULHUB, id: VHN-117857
db: VULMON, id: CVE-2017-9654
db: BID, id: 100471
db: JVNDB, id: JVNDB-2017-013353
db: CNNVD, id: CNNVD-201706-583
db: NVD, id: CVE-2017-9654

LAST UPDATE DATE

2024-11-23T21:39:01.692000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-22812, date: 2017-08-25T00:00:00
db: VULHUB, id: VHN-117857, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2017-9654, date: 2019-10-09T00:00:00
db: BID, id: 100471, date: 2017-08-17T00:00:00
db: JVNDB, id: JVNDB-2017-013353, date: 2018-06-22T00:00:00
db: CNNVD, id: CNNVD-201706-583, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-9654, date: 2024-11-21T03:36:35.477

SOURCES RELEASE DATE

db: IVD, id: b5d3f202-7804-4a30-a776-5059328187da, date: 2017-08-25T00:00:00
db: CNVD, id: CNVD-2017-22812, date: 2017-08-25T00:00:00
db: VULHUB, id: VHN-117857, date: 2018-04-24T00:00:00
db: VULMON, id: CVE-2017-9654, date: 2018-04-24T00:00:00
db: BID, id: 100471, date: 2017-08-17T00:00:00
db: JVNDB, id: JVNDB-2017-013353, date: 2018-06-22T00:00:00
db: CNNVD, id: CNNVD-201706-583, date: 2017-06-15T00:00:00
db: NVD, id: CVE-2017-9654, date: 2018-04-24T15:29:00.777