{ "containers": { "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "SureSigns VS4", "vendor": "Philips", "versions": [ { "lessThan": "A.07.107", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Cleveland Clinic reported these vulnerabilities to Philips." } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "
\nWhen an actor claims to have a given identity, \n\nPhilips SureSigns VS4, A.07.107 and prior \ndoes not prove or insufficiently proves the claim is correct.\n\n
" } ], "value": "When an actor claims to have a given identity, \n\nPhilips SureSigns VS4, A.07.107 and prior \ndoes not prove or insufficiently proves the claim is correct." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-06-04T21:37:16.919Z" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-233-01" }, { "url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive" } ], "source": { "advisory": "ICSMA-20-233-01", "discovery": "EXTERNAL" }, "title": "Philips SureSigns VS4 Improper Authentication", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "As a mitigation to these vulnerabilities, Philips recommends users \nchange all system passwords on the SureSigns VS4 with unique passwords \nfor each device and secure the device when not in use to prevent \nunauthorized access, as referenced in the Installation and Configuration\n Guide available on Incenter. Philips also recommends users consider \nreplacing the SureSigns VS4 device with a newer technology.