CVE-2020-14477

Published: Jun 26, 2020

Modified: Jun 4, 2025

PUBLISHED

CVSS v3.1

3.6

LOW

Description

In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.

Vendor	Product	Versions
Philips	Ultrasound ClearVue	affected `0 - < versions 3.2`
Philips	Ultrasound CX	affected `0 - < versions 5.0.2`
Philips	Ultrasound EPIQ/Affiniti	affected `0 - < versions VM5.0`
Philips	Ultrasound Sparq	affected `0 - < version 3.0.2`
Philips	Ultrasound Xperius	affected `all versions`

Weaknesses (CWE)

CWE-288

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

References

https://www.us-cert.gov/ics/advisories/icsma-20-177-01

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-14477

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References