Sign-up

ID

VAR-202108-1361


CVE

CVE-2021-39375


TITLE

Philips Healthcare Tasy Electronic Medical Record  In  SQL  Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-003855

DESCRIPTION

Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.43

sources: NVD: CVE-2021-39375 // JVNDB: JVNDB-2021-003855 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-400852 // VULHUB: VHN-400853 // VULMON: CVE-2021-39375

AFFECTED PRODUCTS

vendor:philipsmodel:tasy electronic medical recordscope:eqversion:3.06

Trust: 1.0

vendor:フィリップスmodel:tasy emrscope:eqversion:3.0.6

Trust: 0.8

vendor:フィリップスmodel:tasy emrscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-003855 // NVD: CVE-2021-39375

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-39375
value: HIGH

Trust: 1.0

NVD: CVE-2021-39375
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202108-1942
value: HIGH

Trust: 0.6

VULHUB: VHN-400852
value: MEDIUM

Trust: 0.1

VULHUB: VHN-400853
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-39375
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-39375
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-400852
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-400853
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-39375
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-39375
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-400852 // VULHUB: VHN-400853 // VULMON: CVE-2021-39375 // JVNDB: JVNDB-2021-003855 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1942 // NVD: CVE-2021-39375

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.2

problemtype:SQL injection (CWE-89) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-400852 // VULHUB: VHN-400853 // JVNDB: JVNDB-2021-003855 // NVD: CVE-2021-39375

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1942

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:Philips Tasy Electronic Medical Record (EMR)url:https://www.philips.com/a-w/about/news/media-library/20180726-Philips-Tasy-Electronic-Medical-Record-EMR.html

Trust: 0.8

title:CVE-2021-39375url:https://github.com/AlAIAL90/CVE-2021-39375

Trust: 0.1

sources: VULMON: CVE-2021-39375 // JVNDB: JVNDB-2021-003855

EXTERNAL IDS

db:NVDid:CVE-2021-39375

Trust: 2.7

db:ICS CERTid:ICSMA-21-308-01

Trust: 0.8

db:JVNid:JVNVU90530218

Trust: 0.8

db:JVNDBid:JVNDB-2021-003855

Trust: 0.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021082713

Trust: 0.6

db:AUSCERTid:ESB-2021.3697

Trust: 0.6

db:CNNVDid:CNNVD-202108-1942

Trust: 0.6

db:VULHUBid:VHN-400852

Trust: 0.1

db:VULHUBid:VHN-400853

Trust: 0.1

db:VULMONid:CVE-2021-39375

Trust: 0.1

sources: VULHUB: VHN-400852 // VULHUB: VHN-400853 // VULMON: CVE-2021-39375 // JVNDB: JVNDB-2021-003855 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1942 // NVD: CVE-2021-39375

REFERENCES

url:https://diesec.home.blog/2021/08/24/philips-tasy-emr-3-06-sql-injection-cve-2021-39375cve-2021-39376/

Trust: 2.7

url:https://jvn.jp/vu/jvnvu90530218/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-39375

Trust: 0.8

url:https://us-cert.cisa.gov/ics/advisories/icsma-21-308-01

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://br.linkedin.com/in/felippe-foppa-6b1434108

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3697

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021082713

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/89.html

Trust: 0.1

url:https://github.com/alaial90/cve-2021-39375

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-400852 // VULHUB: VHN-400853 // VULMON: CVE-2021-39375 // JVNDB: JVNDB-2021-003855 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202108-1942 // NVD: CVE-2021-39375

SOURCES

db:VULHUBid:VHN-400852
db:VULHUBid:VHN-400853
db:VULMONid:CVE-2021-39375
db:JVNDBid:JVNDB-2021-003855
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202108-1942
db:NVDid:CVE-2021-39375

LAST UPDATE DATE

2024-08-14T13:13:37.568000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-400852date:2021-09-14T00:00:00
db:VULHUBid:VHN-400853date:2021-08-31T00:00:00
db:VULMONid:CVE-2021-39375date:2021-09-14T00:00:00
db:JVNDBid:JVNDB-2021-003855date:2021-11-08T08:25:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202108-1942date:2022-03-10T00:00:00
db:NVDid:CVE-2021-39375date:2021-09-14T18:26:44.653

SOURCES RELEASE DATE

db:VULHUBid:VHN-400852date:2021-08-24T00:00:00
db:VULHUBid:VHN-400853date:2021-08-24T00:00:00
db:VULMONid:CVE-2021-39375date:2021-08-24T00:00:00
db:JVNDBid:JVNDB-2021-003855date:2021-11-08T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202108-1942date:2021-08-24T00:00:00
db:NVDid:CVE-2021-39375date:2021-08-24T13:15:14.590