Vulnerability Details : CVE-2017-9656
The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.
Exploit prediction scoring system (EPSS) score for CVE-2017-9656
Probability of exploitation activity in the next 30 days: 0.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-9656
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
9.1
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
2.3
|
6.0
|
NIST |
CWE ids for CVE-2017-9656
-
The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.Assigned by:
- ics-cert@hq.dhs.gov (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2017-9656
-
http://www.securityfocus.com/bid/100471
Philips DoseWise Portal ICSMA-17-229-01 Security Bypass and Information Disclosure VulnerabilitiesThird Party Advisory;VDB Entry
-
https://ics-cert.us-cert.gov/advisories/ICSMA-17-229-01
Philips' DoseWise Portal Vulnerabilities | CISAThird Party Advisory;US Government Resource
-
http://www.philips.com/productsecurity
Product Security | PhilipsVendor Advisory
Products affected by CVE-2017-9656
- cpe:2.3:a:philips:dosewise:2.1.1.3069:*:*:*:*:*:*:*
- cpe:2.3:a:philips:dosewise:1.1.7.333:*:*:*:*:*:*:*