What is the severity of CVE-2017-9656?

CVE-2017-9656 has been identified as a vulnerability that could impact the confidentiality, integrity, and availability of the backend database.

How do I fix CVE-2017-9656?

To remediate CVE-2017-9656, it is essential to update the Philips DoseWise Portal to a version that does not utilize hard-coded database credentials.

What versions of Philips DoseWise are affected by CVE-2017-9656?

CVE-2017-9656 affects Philips DoseWise Portal versions 1.1.7.333 and 2.1.1.3069.

What are the risks of exploiting CVE-2017-9656?

Exploitation of CVE-2017-9656 could allow an attacker to gain unauthorized access to the backend database, potentially compromising sensitive data.

Is there any workaround for CVE-2017-9656?

Currently, there are no documented workarounds for CVE-2017-9656 other than applying the appropriate software updates.

Vulnerability/
CVE-2017-9656

critical

9.1

CWE

798

24/4/2018

17/9/2024

CVE-2017-9656

First published: Tue Apr 24 2018(Updated: )

The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attacker to exploit this vulnerability, elevated privileges are first required for an attacker to access the web application backend system files that contain the hard-coded credentials. Successful exploitation may allow a remote attacker to gain access to the database of the DWP application, which contains PHI. CVSS v3 base score: 9.1, CVSS vector string: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Philips DoseWise	=1.1.7.333
Philips DoseWise	=2.1.1.3069

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2017-9656?
CVE-2017-9656 has been identified as a vulnerability that could impact the confidentiality, integrity, and availability of the backend database.
How do I fix CVE-2017-9656?
To remediate CVE-2017-9656, it is essential to update the Philips DoseWise Portal to a version that does not utilize hard-coded database credentials.
What versions of Philips DoseWise are affected by CVE-2017-9656?
CVE-2017-9656 affects Philips DoseWise Portal versions 1.1.7.333 and 2.1.1.3069.
What are the risks of exploiting CVE-2017-9656?
Exploitation of CVE-2017-9656 could allow an attacker to gain unauthorized access to the backend database, potentially compromising sensitive data.
Is there any workaround for CVE-2017-9656?
Currently, there are no documented workarounds for CVE-2017-9656 other than applying the appropriate software updates.

collector/nvd-index
agent/type
agent/softwarecombine
agent/author
agent/weakness
agent/references
agent/severity
agent/description
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/first-publish-date
agent/source
vendor/philips
canonical/philips dosewise
version/philips dosewise/1.1.7.333
version/philips dosewise/2.1.1.3069

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.