CVE-2020-27298 MEDIUM

CVE-2020-27298: Philips Interventional Workstations OS Command Injection

Vendor Philips

Product Interventional Workspot

Weakness CWE-78

Published January 20, 2021

Last update June 4, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.

Key dates

02Disclosure timeline

January 20, 2021 CVE published

June 4, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-27298

Related vulnerabilities

Identifiers

CVE CVE-2020-27298

CWE CWE-78

CVSS 6.5 / MEDIUM

Affected versions

Vendor Philips

Product Interventional Workspot

Affected Release 1.3.2

Vendor Philips

Product Interventional Workspot

Affected Release 1.4.0

Vendor Philips

Product Interventional Workspot

Affected Release 1.4.1

Vendor Philips

Product Interventional Workspot

Affected Release 1.4.3

Vendor Philips

Product Interventional Workspot

Affected Release 1.4.5

Vendor Philips

Product Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live

Affected Release 1.0

Vendor Philips

Product ViewForum

Affected Release 6.3V1L10

CVE-2020-27298: Philips Interventional Workstations OS Command Injection

01Description

02Disclosure timeline

03References

04Related CVE