CVE-2020-14477
low-risk
Published 2020-06-26
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior, Ultrasound EPIQ/Affiniti Versions VM5.0 and prior, Ultrasound Sparq Version 3.0.2 and prior and Ultrasound Xperius all versions, an attacker may use an alternate path or channel that does not require authentication of the alternate service login to view or modify information.
Do I need to act?
-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.6/10
Low
LOCAL
/ HIGH complexity
Affected Products (8)
Clearvue 850 Firmware
Clearvue 350 Firmware
Cx50 Firmware
Affiniti 70 Firmware
Affiniti 50 Firmware
Epiq 7 Firmware
Sparq Firmware
Xperius Firmware
Affected Vendors
References (2)
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsma-20-177-01
Third Party Advisory
https://www.us-cert.gov/ics/advisories/icsma-20-177-01
23
/ 100
low-risk
Severity
9/34 · Low
Exploitability
0/34 · Minimal
Exposure
14/34 · Moderate