CVE-2022-0922

Summary

The software does not perform any authentication for critical system functionality.

Affected Software

VendorProductVersion RangeStatus
Philipse-AlertAll < 2.7affected

Weaknesses

  • CWE-306: CWE-306 Missing Authentication for Critical Function

Workarounds

Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only authorized personnel should be permitted to access the network and the devices connected to it.

Users with questions about their specific e-Alert product should contact a Philips service support team or regional service support. Users can also reference the Philips advisory for more details.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References