CVE-2025-2229
7.7
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A token is created using the username, current date/time, and a fixed AES-128 encryption key, which is the same across all installations.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Philips | Intellispace Cardiovascular (ISCV) | 0 <= 4.1 | affected |
Weaknesses
- CWE-1391: CWE-1391
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-072-01
- https://www.philips.com/a-w/security/security-advisories.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.