CVE-2017-14111

Published: Nov 17, 2017Modified: May 13, 2026

7.2

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

The workstation logging function in Philips IntelliSpace Cardiovascular (ISCV) 2.3.0 and earlier and Xcelera R4.1L1 and earlier records domain authentication credentials, which if accessed allows an attacker to use credentials to access the application, or other user entitlements.

Affected (2)

Products: Philips: Intellispace Cardiovascular, Xcelera

2 products

Intellispace Cardiovascular

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Philips Intellispace Cardiovascular	Up to 2.3.0
Philips Xcelera	Up to r4.1l1

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (6)

http://www.securityfocus.com/bid/101850

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01

Source: cve@mitre.org

Issue TrackingThird Party AdvisoryUS Government Resource

https://www.usa.philips.com/healthcare/about/customer-support/product-security

Source: cve@mitre.org

Issue TrackingMitigationVendor Advisory

http://www.securityfocus.com/bid/101850

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://ics-cert.us-cert.gov/advisories/ICSMA-17-318-01

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party AdvisoryUS Government Resource

https://www.usa.philips.com/healthcare/about/customer-support/product-security

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigationVendor Advisory

Timeline

No history available yet.