CVE-2022-0922
6.5
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The software does not perform any authentication for critical system functionality.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Philips | e-Alert | All < 2.7 | affected |
Weaknesses
- CWE-306: CWE-306 Missing Authentication for Critical Function
Workarounds
Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only authorized personnel should be permitted to access the network and the devices connected to it.
Users with questions about their specific e-Alert product should contact a Philips service support team or regional service support. Users can also reference the Philips advisory for more details.
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.