Medical Device Software 漏洞

时间轴

供应商

Oracle48
Philips32
GE30
Hospira13
SOOIL8

产品

Philips Patient Information Center iX10
Philips IntelliSpace Portal9
Philips e-Alert Unit9
SOOIL AnyDana-i8
Oracle Healthcare Master Person Index8

修正

Official Fix84
Temporary Fix0
Workaround12
Unavailable0
Not Defined94

易受攻击性

High10
Functional2
Proof-of-Concept8
Unproven2
Not Defined168

访问向量

Not Defined0
Physical14
Local15
Adjacent27
Network134

身份验证

Not Defined0
High2
Low28
None160

用户交互

Not Defined0
Required30
None160

C3BM Index

CVSSv3 Base

≤10
≤20
≤30
≤416
≤514
≤632
≤729
≤863
≤919
≤1017

CVSSv3 Temp

≤10
≤20
≤31
≤418
≤512
≤645
≤721
≤859
≤918
≤1016

VulDB

≤10
≤21
≤37
≤411
≤525
≤625
≤731
≤863
≤99
≤1018

NVD

≤10
≤20
≤31
≤42
≤55
≤614
≤726
≤823
≤918
≤1026

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤72
≤80
≤90
≤100

供应商

≤10
≤20
≤30
≤40
≤52
≤61
≤710
≤83
≤93
≤105

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

零日攻击

<1k34
<2k36
<5k68
<10k17
<25k16
<50k7
<100k5
≥100k7

本日攻击

<1k152
<2k13
<5k8
<10k3
<25k11
<50k3
<100k0
≥100k0

攻击市场容量

🔴 CTI 活动

Affected Products (119): Baxter PrismaFlex, Baxter PrisMax, Baxter SIGMA Spectrum Infusion System, Baxter Spectrum Infusion System, BD Alaris 8015 PC Unit, BD Alaris 8015 Point of Care, BD Alaris CC, BD Alaris Gateway, BD Alaris Gateway Workstation, BD Alaris GH, BD Alaris GS, BD Alaris Systems Manager, BD Alaris TIVA, BeaconMedaes Scroll Medical Air Systems, BlackBerry QNX OS for Medical, BlackBerry QNX OS for Safety, BlackBerry QNX Software Development Platform, BMC Medical Luna CPAP Machines, Chikitsa Patient Management System, Draeger X-Dock, Dräger Infinity Delta, Dräger Infinity Delta XL, Dräger Infinity Explorer C700, Dräger Infinity Kappa, GE Healthcare CADStream Server, GE Healthcare Centricity Analytics Server, GE Healthcare Centricity Clinical Archive Audit Trail Repository, GE Healthcare Centricity DMS, GE Healthcare Centricity Image Vault, GE Healthcare Centricity PACS, GE Healthcare Centricity PACS-IW, GE Healthcare Centricity PACS Workstation, GE Healthcare Discovery 530C, GE Healthcare Discovery NM 750b, GE Healthcare Discovery VH, GE Healthcare Discovery XR656, GE Healthcare Discovery XR656 G2, GE Healthcare eNTEGRA P, GE Healthcare Infinia II, GE Healthcare Millennium, GE Healthcare Optima, GE Healthcare Optima MR360, GE Healthcare Precision MPi, GE Healthcare Precision THUNIS-800+, GE Healthcare Revolution XQi, GE R, GE Voluson S8, GE Healthcare AW, GE Healthcare BrightSpeed, GE Healthcare Brivo, GE Healthcare DiscoveryRevolution EVO, GE Healthcare EchoPAC, GE Healthcare Image Vault, GE Healthcare Infina, GE Healthcare Innova, GE Healthcare LOGIQ, GE Healthcare Optima, GE Healthcare PETrace, GE Healthcare PET Discovery IQ, GE Healthcare Signa, GE Healthcare Ventri, GE Healthcare Vivid, GE Healthcare Voluson, GE Healthcare Xeleris, Hamilton Medical T1-Ventilator, Hillrom Welch Allyn Medical Device Management Tools, Hospira Lifecare PCA Infusion Pump, Hospira LifeCare PCA Infusion System, Hospira Plum A+3 Infusion System, Hospira Plum A+ Infusion System, Hospira Symbiq Infusion System, Infusionsoft Gravity Forms, IntelliVue Patient Monitor, IP Infusion OcNOS, IP Infusion ZebOS, iTriage Health, Kinfusion Com Sportfusion, Medical Center Columbia WebSite, Medical Devices, Medtronic 24950 MyCareLink Monitor, Medtronic 24952 MyCareLink Monitor, Medtronic MyCareLink Patient Monitor, Medtronic Paradigm wireless insulin pump, Medtronic Smart Model 25000 Patient Reader, Oracle Healthcare Analytics Data Integration, Oracle Healthcare Data Repository, Oracle Healthcare Foundation, Oracle Healthcare Master Person Index, Oracle Healthcare Translational Research, Oracle Health Sciences Argus Safety, Oracle Health Sciences Central Coding, Oracle Health Sciences Clinical Development Center, Oracle Health Sciences Data Management Workbench, Oracle Health Sciences Empirica Inspections, Oracle Health Sciences Empirica Signal, Oracle Health Sciences Empirica Study, Oracle Health Sciences InForm, Oracle Health Sciences Information Manager, PacerCMS, Pharmacy Medical Store and Sale Point, Philips e-Alert Unit, Philips Efficia CM Series, Philips IntelliSpace Cardiovascular, Philips IntelliSpace PACS, Philips IntelliSpace Portal, Philips IntelliVue Patient Monitor, Philips iSite, Philips iSite PACS, Philips Patient Information Center iX, Philips PerformanceBridge Focal Point, Philips Xcelera, Philips Healthcare Tasy Electronic Medical Record, Smiths-Medical Medfusion 4000 Wireless Syringe Infusion Pump, SOOIL AnyDana-A, SOOIL AnyDana-i, SOOIL DiabecareRS, SOOIL Diabecare RS, St. Jude Medical Merlin@home, Vyaire Medical CareFusion Upgrade Utility

已发布BaseTemp漏洞ProdExp修正CTICVE
2021-11-265.04.8Philips Patient Information Center iX/Efficia CM Series 弱加密Patient Information Center iX/Efficia CM SeriesNot DefinedNot Defined0.07CVE-2021-43550
2021-11-263.33.2Philips Patient Information Center iX 弱加密Patient Information Center iXNot DefinedNot Defined0.07CVE-2021-43552
2021-11-266.56.2Philips Patient Information Center iX 权限升级Patient Information Center iXNot DefinedOfficial Fix0.08CVE-2021-43548
2021-10-195.55.4Oracle Healthcare Foundation Apache Tika 拒绝服务Healthcare FoundationNot DefinedOfficial Fix0.00CVE-2021-28657
2021-10-195.55.4Oracle Healthcare Data Repository Apache Groovy 信息公开Healthcare Data RepositoryNot DefinedOfficial Fix0.00CVE-2020-17521
2021-10-196.46.3Oracle Health Sciences InForm jQuery 跨网站脚本Health Sciences InFormNot DefinedOfficial Fix0.06CVE-2020-11023
2021-10-196.46.3Oracle Health Sciences Central Coding jQuery 跨网站脚本Health Sciences Central CodingNot DefinedOfficial Fix0.00CVE-2020-11022
2021-10-197.87.6Oracle Healthcare Data Repository Spring Framework 权限升级Healthcare Data RepositoryNot DefinedOfficial Fix0.04CVE-2021-22118
2021-10-199.89.6Oracle Healthcare Data Repository Nimbus JOSE+JWT 权限升级Healthcare Data RepositoryNot DefinedOfficial Fix0.00CVE-2019-17195
2021-08-246.36.3Philips Healthcare Tasy Electronic Medical Record executaConsultaEspecifico SQL注入Tasy Electronic Medical RecordNot DefinedNot Defined0.04CVE-2021-39376
2021-08-185.55.5BlackBerry QNX Software Development Platform calloc 内存损坏QNX Software Development Platform/QNX OS for Medical/QNX OS for SafetyNot DefinedNot Defined0.06CVE-2021-22156
2021-08-063.53.4Chikitsa Patient Management System insert_patient_add_appointment 跨网站脚本Patient Management SystemNot DefinedNot Defined0.00CVE-2021-38152
2021-08-063.53.4Chikitsa Patient Management System todos 跨网站脚本Patient Management SystemNot DefinedNot Defined0.02CVE-2021-38151
2021-08-063.53.4Chikitsa Patient Management System add_user 跨网站脚本Patient Management SystemNot DefinedNot Defined0.03CVE-2021-38149
2021-06-125.55.3Hillrom Welch Allyn Medical Device Management Tools 内存损坏Welch Allyn Medical Device Management ToolsNot DefinedOfficial Fix0.03CVE-2021-27410
2021-06-123.53.4Hillrom Welch Allyn Medical Device Management Tools 信息公开Welch Allyn Medical Device Management ToolsNot DefinedOfficial Fix0.05CVE-2021-27408
2021-06-025.04.7Pharmacy Medical Store and Sale Point inventories.php SQL注入Pharmacy Medical Store and Sale PointProof-of-ConceptNot Defined0.08CVE-2020-24862
2021-05-216.36.0Draeger X-Dock Debug Port 权限升级X-DockNot DefinedOfficial Fix0.03CVE-2021-28112
2021-05-217.37.0Draeger X-Dock 弱身份验证X-DockNot DefinedOfficial Fix0.00CVE-2021-28111
2021-04-217.37.0Oracle Healthcare Foundation Self Service Analytics 权限升级Healthcare FoundationNot DefinedOfficial Fix0.00CVE-2019-10086
2021-04-217.57.2Oracle Health Sciences Empirica Signal Topics/REST Services XML External EntityHealth Sciences Empirica SignalNot DefinedOfficial Fix0.06CVE-2020-25649
2021-04-217.77.4Oracle Health Sciences Information Manager Health Record Locator 信息公开Health Sciences Information ManagerNot DefinedOfficial Fix0.05CVE-2020-1945
2021-03-163.33.3Hamilton Medical T1-Ventilator Configuration Interface 信息公开T1-VentilatorNot DefinedNot Defined0.00CVE-2020-27290
2021-03-163.33.3Hamilton Medical T1-Ventilator XML Validation 拒绝服务T1-VentilatorNot DefinedNot Defined0.07CVE-2020-27282
2021-03-164.74.7Hamilton Medical T1-Ventilator Configuration Interface 弱身份验证T1-VentilatorNot DefinedNot Defined0.00CVE-2020-27278

165 更多条目未显示

Want to stay up to date on a daily basis?

Enable the mail alert feature now!