CVE-2020-27298

Summary

Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.

Affected Software

VendorProductVersion RangeStatus
PhilipsInterventional WorkspotRelease 1.3.2affected
PhilipsInterventional WorkspotRelease 1.4.0affected
PhilipsInterventional WorkspotRelease 1.4.1affected
PhilipsInterventional WorkspotRelease 1.4.3affected
PhilipsInterventional WorkspotRelease 1.4.5affected
PhilipsCoronary Tools/Dynamic Coronary Roadmap/Stentboost LiveRelease 1.0affected
PhilipsViewForumRelease 6.3V1L10affected

Weaknesses

  • CWE-78: CWE-78 OS Command Injection

ADP Enrichment

CVE Program Container

Additional References

References