Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Philips — Vulnerabilities & Security Advisories 88

Browse all 88 CVE security advisories affecting Philips. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Philips operates as a global health technology company, primarily manufacturing medical imaging systems, patient monitoring devices, and home health solutions. Its extensive portfolio of connected medical equipment has historically exposed it to critical vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws within its web-based management interfaces. With 88 CVEs currently on record, the company faces significant challenges in securing legacy devices that often lack robust patching mechanisms or default credential protections. Notable incidents include the 2021 ransomware attack by the REvil group, which disrupted healthcare services across Europe and the United States by targeting Philips’ IT infrastructure. These events highlight the critical intersection of operational technology and cybersecurity, emphasizing the urgent need for enhanced security postures in life-critical medical environments to prevent service interruptions and protect patient data integrity.

Top products by Philips: e-Alert Unit (non-medical device) Philips IntelliSpace Portal Hue Bridge Vue PACS Patient Information Center iX (PICiX) Clinical Collaboration Platform SureSigns VS4 IntelliSpace Portal MRI 1.5T Brilliance CT Scanners Philips Alice 6 System IntelliVue MX40 Patient Worn Monitor IntelliSpace Cardiovascular (ISCV) products Intellispace Cardiovascular (ISCV) Patient Information Center iX (PIC iX) IntelliBridge EC 40 Hub PageWriter TC10, TC20, TC30, TC50, TC70 Cardiographs DoseWise Portal Interventional Workspot SmartControl Engage Software Philips Tasy EMR Gemini 16 Slice Interoperability Solution XDS IntelliVue patient monitors DreamMapper Efficia CM Series e-Alert EncoreAnywhere Philips Holter 2010 Plus
CVE IDTitleCVSSSeverityPublished
CVE-2026-3562 Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability — Hue BridgeCWE-347 8.8AIHighAI2026-03-13
CVE-2026-3561 Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability — Hue BridgeCWE-122 8.0AIHighAI2026-03-13
CVE-2026-3560 Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability — Hue BridgeCWE-122 8.8AIHighAI2026-03-13
CVE-2026-3559 Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability — Hue BridgeCWE-323 8.8AIHighAI2026-03-13
CVE-2026-3558 Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability — Hue BridgeCWE-306 8.8AIHighAI2026-03-13
CVE-2026-3557 Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability — Hue BridgeCWE-122 8.8AIHighAI2026-03-13
CVE-2026-3556 Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability — Hue BridgeCWE-122 8.8AIHighAI2026-03-13
CVE-2026-3555 Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability — Hue BridgeCWE-122 8.0AIHighAI2026-03-13
CVE-2025-3426 Use of default hardcoded credentials — IntelliSpace PortalCWE-798 9.8AICriticalAI2025-04-07
CVE-2025-3425 Unauthenticated Remote Code Execution via .NET Deserialization — IntelliSpace PortalCWE-502 9.8AICriticalAI2025-04-07
CVE-2025-3424 3.2.1 Arbitrary File Read in insecure .NET Remoting TCP Channel — IntelliSpace PortalCWE-22 7.5AIHighAI2025-04-07
CVE-2025-2229 Philips Intellispace Cardiovascular (ISCV) Use of Weak Credentials — Intellispace Cardiovascular (ISCV)CWE-1391 7.7 High2025-03-13
CVE-2025-2230 Philips Intellispace Cardiovascular (ISCV) Improper Authentication — Intellispace Cardiovascular (ISCV)CWE-287 7.7 High2025-03-13
CVE-2023-40704 Philips Vue PACS Use of Default Credentials — Vue PACSCWE-1392 6.8 Medium2024-07-18
CVE-2018-8863 Philips EncoreAnywhere Exposure of Sensitive Information to an Unauthorized Actor — EncoreAnywhere CWE-200 5.9 Medium2023-11-09
CVE-2021-32966 Philips Interoperability Solution XDS - Clear Text Transmission of Sensitive Information — Interoperability Solution XDSCWE-319 3.7 Low2022-05-25
CVE-2022-0922 ICSMA-22-088-01 Philips e-Alert — e-AlertCWE-306 6.5 Medium2022-04-01
CVE-2021-33018 Philips Vue PACS Use of a Broken or Risky Cryptographic Algorithm — Vue PACSCWE-327 7.5 High2022-04-01
CVE-2021-33022 Philips Vue PACS Cleartext Transmission of Sensitive Information — Vue PACSCWE-319 7.5 High2022-04-01
CVE-2021-27497 Philips Vue PACS Protection Mechanism Failure — Vue PACS 6.5 Medium2022-04-01
CVE-2021-33024 Philips Vue PACS Insufficiently Protected Credentials — Vue PACSCWE-522 3.7 Low2022-04-01
CVE-2021-33020 Philips Vue PACS Use of a Key Past its Expiration Date — Vue PACSCWE-324 8.2 High2022-04-01
CVE-2021-27501 Philips Vue PACS Improper Adherence to Coding Standards — Vue PACSCWE-710 7.5 High2022-04-01
CVE-2021-27493 Philips Vue PACS — Vue PACS 6.1 Medium2022-04-01
CVE-2021-27456 Philips Gemini PET/CT Storage of Sensitive Data in a Mechanism Without Access Control — Gemini 16 SliceCWE-921 2.4 Low2022-03-23
CVE-2021-23173 ICSMA-22-006-01 Philips Engage Software — Engage SoftwareCWE-284 2.6 Low2022-01-07
CVE-2021-43550 Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of a Broken or Risky Cryptographic Algorithm — Efficia CM SeriesCWE-327 5.9 Medium2021-12-27
CVE-2021-43548 Philips Patient Information Center iX (PIC iX) and Efficia CM Series Improper Input Validation — Patient Information Center iX (PIC iX)CWE-20 6.5 Medium2021-12-27
CVE-2021-43552 Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of Hard-coded Cryptographic Key — Patient Information Center iX (PIC iX)CWE-321 6.1 Medium2021-12-27
CVE-2021-32993 Philips IntelliBridge EC 40 and EC 80 Hub Use of Hard-coded Credentials — IntelliBridge EC 40 HubCWE-798 8.1 High2021-12-27

This page lists every published CVE security advisory associated with Philips. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.