Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2020-27298
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-20 Jan, 2021 | 19:27
Updated At-04 Jun, 2025 | 19:46
Rejected At-
▼CVE Numbering Authority (CNA)
Philips Interventional Workstations OS Command Injection

Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.

Affected Products
Vendor
PhilipsPhilips
Product
Interventional Workspot
Default Status
unaffected
Versions
Affected
  • Release 1.3.2
  • Release 1.4.0
  • Release 1.4.1
  • Release 1.4.3
  • Release 1.4.5
Vendor
PhilipsPhilips
Product
Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live
Default Status
unaffected
Versions
Affected
  • Release 1.0
Vendor
PhilipsPhilips
Product
ViewForum
Default Status
unaffected
Versions
Affected
  • Release 6.3V1L10
Problem Types
TypeCWE IDDescription
CWECWE-78CWE-78 OS Command Injection
Type: CWE
CWE ID: CWE-78
Description: CWE-78 OS Command Injection
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Philips has released a software patch to proactively address this vulnerability in the installed base and will schedule service activities with impacted users to implement the correction. As a mitigation for this vulnerability, users with expertise are advised to change the IPMI password for the workstation interface. Users with questions regarding specific Philips Interventional Workspot and/or installations and correction eligibility should contact a Philips service support team, regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , or call 1-800-722-9377 with reference to field change order (FCO) number 2019-IGTBST-014. Please see the Philips product security website https://www.philips.com/productsecurity for the Philips advisory and the latest security information for Philips products.

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-019-01
x_refsource_MISC
https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive
N/A
Hyperlink: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-019-01
Resource:
x_refsource_MISC
Hyperlink: https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive
Resource: N/A
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01
x_refsource_MISC
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01
Resource:
x_refsource_MISC
x_transferred
Details not found