ID

VAR-202101-0372


CVE

CVE-2020-27298


TITLE

OS command injection vulnerabilities in multiple Philips Interventional Workstation products

Trust: 0.8

sources: JVNDB: JVNDB-2021-001009

DESCRIPTION

An OS command injection vulnerability (CWE-78) exists in multiple Philips Interventional Workstation products: Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), and ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize, or incorrectly neutralizes, special elements that could modify the intended OS command when it is sent to a downstream component. An attacker on an adjacent network could shut down or restart the workstation. Several Philips products contain a security vulnerability that could allow an attacker to modify system commands that the system is expected to execute.

Trust: 1.8

sources: NVD: CVE-2020-27298 // JVNDB: JVNDB-2021-001009 // VULHUB: VHN-370818 // VULMON: CVE-2020-27298

AFFECTED PRODUCTS

vendor: philips, model: interventional workspot, scope: eq, version: 1.3.2

Trust: 1.0

vendor: philips, model: interventional workspot, scope: eq, version: 1.4.0

Trust: 1.0

vendor: philips, model: interventional workspot, scope: eq, version: 1.4.1

Trust: 1.0

vendor: philips, model: dynamic coronary roadmap, scope: eq, version: 1.0

Trust: 1.0

vendor: philips, model: stentboost live, scope: eq, version: 1.0

Trust: 1.0

vendor: philips, model: coronary tools, scope: eq, version: 1.0

Trust: 1.0

vendor: philips, model: interventional workspot, scope: eq, version: 1.4.5

Trust: 1.0

vendor: philips, model: viewforum, scope: eq, version: 6.3v1l10

Trust: 1.0

vendor: philips, model: interventional workspot, scope: eq, version: 1.4.3

Trust: 1.0

vendor: philips, model: coronary tools/dynamic coronary roadmap/stentboost live, scope: eq, version: (release 1.0)

Trust: 0.8

vendor: philips, model: interventional workspot, scope: eq, version: (release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5)

Trust: 0.8

vendor: philips, model: viewforum, scope: eq, version: (release 6.3v1l10)

Trust: 0.8

sources: JVNDB: JVNDB-2021-001009 // NVD: CVE-2020-27298

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-27298
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2020-27298
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2021-001009
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202101-1616
value: MEDIUM

Trust: 0.6

VULHUB: VHN-370818
value: LOW

Trust: 0.1

VULMON: CVE-2020-27298
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-27298
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-370818
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-27298
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 2.0

IPA score: JVNDB-2021-001009
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-370818 // VULMON: CVE-2020-27298 // JVNDB: JVNDB-2021-001009 // CNNVD: CNNVD-202101-1616 // NVD: CVE-2020-27298 // NVD: CVE-2020-27298

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-370818 // JVNDB: JVNDB-2021-001009 // NVD: CVE-2020-27298

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202101-1616

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-202101-1616

CONFIGURATIONS

sources: JVNDB: JVNDB-2021-001009

PATCH

title: Customer Service Solutions, url: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions

Trust: 0.8

title: Product Security, url: https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 0.8

title: Philips Various product security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139868

Trust: 0.6

sources: JVNDB: JVNDB-2021-001009 // CNNVD: CNNVD-202101-1616

EXTERNAL IDS

db: NVD, id: CVE-2020-27298

Trust: 2.6

db: ICS CERT, id: ICSMA-21-019-01

Trust: 2.6

db: JVN, id: JVNVU99865781

Trust: 0.8

db: JVNDB, id: JVNDB-2021-001009

Trust: 0.8

db: CNNVD, id: CNNVD-202101-1616

Trust: 0.7

db: AUSCERT, id: ESB-2021.0229

Trust: 0.6

db: VULHUB, id: VHN-370818

Trust: 0.1

db: VULMON, id: CVE-2020-27298

Trust: 0.1

sources: VULHUB: VHN-370818 // VULMON: CVE-2020-27298 // JVNDB: JVNDB-2021-001009 // CNNVD: CNNVD-202101-1616 // NVD: CVE-2020-27298

REFERENCES

url:https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01

Trust: 2.6

url:https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-019-01

Trust: 1.0

url:https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-27298

Trust: 0.8

url:http://jvn.jp/cert/jvnvu99865781

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2020-27298

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0229/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195254

Trust: 0.1

sources: VULHUB: VHN-370818 // VULMON: CVE-2020-27298 // JVNDB: JVNDB-2021-001009 // CNNVD: CNNVD-202101-1616 // NVD: CVE-2020-27298

SOURCES

db: VULHUB, id: VHN-370818
db: VULMON, id: CVE-2020-27298
db: JVNDB, id: JVNDB-2021-001009
db: CNNVD, id: CNNVD-202101-1616
db: NVD, id: CVE-2020-27298

LAST UPDATE DATE

2025-06-05T23:20:18.617000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-370818, date: 2021-02-02T00:00:00
db: VULMON, id: CVE-2020-27298, date: 2021-02-02T00:00:00
db: JVNDB, id: JVNDB-2021-001009, date: 2021-01-21T05:09:27
db: CNNVD, id: CNNVD-202101-1616, date: 2021-02-09T00:00:00
db: NVD, id: CVE-2020-27298, date: 2025-06-04T20:15:21.807

SOURCES RELEASE DATE

db: VULHUB, id: VHN-370818, date: 2021-01-26T00:00:00
db: VULMON, id: CVE-2020-27298, date: 2021-01-26T00:00:00
db: JVNDB, id: JVNDB-2021-001009, date: 2021-01-21T05:09:27
db: CNNVD, id: CNNVD-202101-1616, date: 2021-01-20T00:00:00
db: NVD, id: CVE-2020-27298, date: 2021-01-26T18:15:45.990