Sign-up

ID

VAR-201911-1189


CVE

CVE-2019-13557


TITLE

Philips Tasy EMR and Tasy WebPortal Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-41429 // CNNVD: CNNVD-201911-388

DESCRIPTION

In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information. Tasy EMR and Tasy WebPortal Contains an information disclosure vulnerability.Information may be obtained. Both Philips Tasy EMR and Tasy WebPortal are products of Philips Europe. Tasy WebPortal is a web-based portal system. This vulnerability is caused by a configuration error such as a network system or product running, and an unauthorized attacker can exploit the vulnerability. Sensitive information of affected components

Trust: 2.43

sources: NVD: CVE-2019-13557 // JVNDB: JVNDB-2019-011841 // CNVD: CNVD-2019-41429 // IVD: bf15fd31-896f-4833-8181-d347eb34fa8f // VULHUB: VHN-145415

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: bf15fd31-896f-4833-8181-d347eb34fa8f // CNVD: CNVD-2019-41429

AFFECTED PRODUCTS

vendor:philipsmodel:tasy webportalscope:lteversion:3.02.1757

Trust: 1.8

vendor:philipsmodel:tasy emrscope:lteversion:3.02.1744

Trust: 1.0

vendor:philipsmodel:tasy emrscope: - version: -

Trust: 0.8

vendor:philipsmodel:tasy emrscope:lteversion:<=3.02.1744

Trust: 0.6

vendor:philipsmodel:tasy webportalscope:lteversion:<=3.02.1757

Trust: 0.6

vendor:tasy emrmodel: - scope:eqversion:*

Trust: 0.2

vendor:tasy webportalmodel: - scope:eqversion:*

Trust: 0.2

sources: IVD: bf15fd31-896f-4833-8181-d347eb34fa8f // CNVD: CNVD-2019-41429 // JVNDB: JVNDB-2019-011841 // NVD: CVE-2019-13557

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13557
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-13557
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-41429
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201911-388
value: MEDIUM

Trust: 0.6

IVD: bf15fd31-896f-4833-8181-d347eb34fa8f
value: MEDIUM

Trust: 0.2

VULHUB: VHN-145415
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-13557
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-41429
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: bf15fd31-896f-4833-8181-d347eb34fa8f
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-145415
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13557
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2019-13557
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: IVD: bf15fd31-896f-4833-8181-d347eb34fa8f // CNVD: CNVD-2019-41429 // VULHUB: VHN-145415 // JVNDB: JVNDB-2019-011841 // CNNVD: CNNVD-201911-388 // NVD: CVE-2019-13557

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-145415 // JVNDB: JVNDB-2019-011841 // NVD: CVE-2019-13557

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-388

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201911-388

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-011841

PATCH
title:Top Pageurl:https://www.philips.ae/
Trust: 0.8
title:Patch for Philips Tasy EMR and Tasy WebPortal Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/191109
Trust: 0.6
title:Philips Tasy EMR  and Tasy WebPortal Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101857
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41429 // 
            
            
            
            JVNDB: JVNDB-2019-011841 // 
            
            
            
            CNNVD: CNNVD-201911-388

EXTERNAL IDS
db:NVDid:CVE-2019-13557
Trust: 3.3
db:ICS CERTid:ICSMA-19-120-01
Trust: 3.1
db:CNNVDid:CNNVD-201911-388
Trust: 0.9
db:CNVDid:CNVD-2019-41429
Trust: 0.8
db:JVNDBid:JVNDB-2019-011841
Trust: 0.8
db:AUSCERTid:ESB-2019.1473.2
Trust: 0.6
db:NSFOCUSid:47543
Trust: 0.6
db:IVDid:BF15FD31-896F-4833-8181-D347EB34FA8F
Trust: 0.2
db:VULHUBid:VHN-145415
Trust: 0.1
sources:
            
            
            IVD: bf15fd31-896f-4833-8181-d347eb34fa8f // 
            
            
            
            CNVD: CNVD-2019-41429 // 
            
            
            
            VULHUB: VHN-145415 // 
            
            
            
            JVNDB: JVNDB-2019-011841 // 
            
            
            
            CNNVD: CNNVD-201911-388 // 
            
            
            
            NVD: CVE-2019-13557

REFERENCES
url:https://www.us-cert.gov/ics/advisories/icsma-19-120-01
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2019-13557
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13557
Trust: 0.8
url:https://ics-cert.us-cert.gov/advisories/icsma-19-120-01
Trust: 0.6
url:http://www.nsfocus.net/vulndb/47543
Trust: 0.6
url:https://www.auscert.org.au/bulletins/esb-2019.1473.2/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-41429 // 
            
            
            
            VULHUB: VHN-145415 // 
            
            
            
            JVNDB: JVNDB-2019-011841 // 
            
            
            
            CNNVD: CNNVD-201911-388 // 
            
            
            
            NVD: CVE-2019-13557

SOURCES
db:IVDid:bf15fd31-896f-4833-8181-d347eb34fa8f
db:CNVDid:CNVD-2019-41429
db:VULHUBid:VHN-145415
db:JVNDBid:JVNDB-2019-011841
db:CNNVDid:CNNVD-201911-388
db:NVDid:CVE-2019-13557

LAST UPDATE DATE
2024-11-23T21:59:38.004000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-41429date:2019-11-20T00:00:00
db:VULHUBid:VHN-145415date:2019-11-13T00:00:00
db:JVNDBid:JVNDB-2019-011841date:2019-11-19T00:00:00
db:CNNVDid:CNNVD-201911-388date:2020-08-10T00:00:00
db:NVDid:CVE-2019-13557date:2024-11-21T04:25:08.783

SOURCES RELEASE DATE
db:IVDid:bf15fd31-896f-4833-8181-d347eb34fa8fdate:2019-11-20T00:00:00
db:CNVDid:CNVD-2019-41429date:2019-11-20T00:00:00
db:VULHUBid:VHN-145415date:2019-11-08T00:00:00
db:JVNDBid:JVNDB-2019-011841date:2019-11-19T00:00:00
db:CNNVDid:CNNVD-201911-388date:2019-11-07T00:00:00
db:NVDid:CVE-2019-13557date:2019-11-08T18:15:11.403