CVE-2020-27298

Опубликовано: 26 янв. 2021

Источник: nvd

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.

Ссылки

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-019-01
https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive
https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:philips:coronary_tools:1.0:*:*:*:*:*:*:*

cpe:2.3:a:philips:dynamic_coronary_roadmap:1.0:*:*:*:*:*:*:*

cpe:2.3:a:philips:interventional_workspot:1.3.2:*:*:*:*:*:*:*

cpe:2.3:a:philips:interventional_workspot:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:philips:interventional_workspot:1.4.1:*:*:*:*:*:*:*

cpe:2.3:a:philips:interventional_workspot:1.4.3:*:*:*:*:*:*:*

cpe:2.3:a:philips:interventional_workspot:1.4.5:*:*:*:*:*:*:*

cpe:2.3:a:philips:stentboost_live:1.0:*:*:*:*:*:*:*

cpe:2.3:a:philips:viewforum:6.3v1l10:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00225

Низкий

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-4gc9-p44x-vcgg