Philips


Products by Philips Sorted by Most Security Vulnerabilities since 2018

Philips Vue Pacs: 12 vulnerabilities

Philips Intellispace Portal: 11 vulnerabilities

Philips Stentboost Live: 1 vulnerability

Philips Viewforum: 1 vulnerability

Philips Dreammapper: 1 vulnerability

Philips Coronary Tools: 1 vulnerability

By the Year

In 2026 there have been 8 vulnerabilities in Philips products. Last year, in 2025, Philips had 3 security vulnerabilities published. That is, 5 more vulnerabilities have already been reported in 2026 than in all of last year.

Year  Vulnerabilities  Average Score
2026  8                0.00
2025  3                0.00
2024  1                9.80
2023  1                7.50
2022  10               7.44
2021  6                7.10
2020  19               4.92
2019  4                4.90
2018  30               8.09

It may take a day or so for new Philips vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Philips Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-3562 Mar 13, 2026
Philips Hue Bridge hk_hap Ed25519 Auth Bypass via Signature Verification Flaw: Philips Hue Bridge hk_hap Ed25519 Signature Verification Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ed25519_sign_open function. The issue results from improper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28480.
CVE-2026-3561 Mar 13, 2026
Philips Hue Bridge hk_hap Heap Overflow RCE via PUT Len Validation Bypass: Philips Hue Bridge hk_hap characteristics Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of PUT requests to the characteristics endpoint. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28479.
CVE-2026-3560 Mar 13, 2026
Philips Hue Bridge HomeKit RCE via HK_HAP_PAIR_STORAGE_PUT Heap Overflow: Philips Hue Bridge HomeKit hk_hap_pair_storage_put Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function of the HomeKit implementation, which listens on TCP port 8080 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28469.
CVE-2026-3559 Mar 13, 2026
Philips Hue Bridge HomeKit Auth Bypass via Static Nonce (CVE-2026-3559): Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the SRP authentication mechanism in the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from the use of a static nonce value. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28451.
CVE-2026-3558 Mar 13, 2026
Philips Hue Bridge HAP Transient Pairing Auth Bypass (CVE-2026-3558): Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the HomeKit Accessory Protocol service, which listens on TCP port 8080 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-28374.
CVE-2026-3557 Mar 13, 2026
Philips Hue Bridge Heap Overflow in hap_pair_verify_handler (RCE) (CVE-2026-3557): Philips Hue Bridge hap_pair_verify_handler Sub-TLV Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the hap_pair_verify_handler function of the hk_hap service, which listens on TCP port 8080 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-28337.
CVE-2026-3556 Mar 13, 2026
Philips Hue Bridge RCE via hk_hap_pair_storage_put Heap Overflow: Philips Hue Bridge HomeKit Pair-Setup Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the hk_hap_pair_storage_put function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the HomeKit service. Was ZDI-CAN-28326.
CVE-2026-3555 Mar 13, 2026
Philips Hue Bridge Zigbee Heap Buffer Overflow RCE Vulnerability: Philips Hue Bridge Zigbee Stack Custom Command Handler Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Philips Hue Bridge. User interaction is required to exploit this vulnerability in that the user must initiate the device pairing process. The specific flaw exists within the handling of custom Zigbee ZCL frames in the Model Info download functionality. The issue results from the lack of proper validation of the size of data prior to copying it to a fixed-size heap buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28276.
CVE-2025-27955 Jun 02, 2025
Clinical Collaboration Platform 12.2.1.5 Weak Logout: Token Persists (CVE-2025-27955): Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
Clinical Collaboration Platform
CVE-2025-27953 Jun 02, 2025
Clinical Collaboration Platform 12.2.1.5 Session Management RCE and Information Disclosure: An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
Clinical Collaboration Platform
CVE-2025-27954 Jun 02, 2025
Remote Code Execution via usertoken in Clinical Collaboration Platform 12.2.1.5: An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
Clinical Collaboration Platform
CVE-2023-40704 Jul 18, 2024
Philips PACS Default Password Weakness Enables Unauthorized DB Access: The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity.
Vue Pacs
CVE-2018-8863 Nov 09, 2023
Philips EncoreAnywhere HTTP Header Data Leak: The HTTP header in Philips EncoreAnywhere contains data an attacker may be able to use to gain sensitive information.
Encoreanywhere
CVE-2021-39369 Dec 26, 2022
Philips Vue MyVue PACS <=12.2.x.x VideoStream Authenticated Path Traversal: In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root.
Vue Motion
Vue Pacs
Speech
And others...
CVE-2021-32966 May 25, 2022
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.
Interoperability Solution Xds
CVE-2021-33024 Apr 01, 2022
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.
Myvue
Speech
Vue Motion
And others...
CVE-2021-33018 Apr 01, 2022
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.
Myvue
Speech
Vue Motion
And others...
CVE-2021-33022 Apr 01, 2022
Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Myvue
Speech
Vue Motion
And others...
CVE-2021-27501 Apr 01, 2022
Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.
Myvue
Speech
Vue Motion
And others...
CVE-2021-27493 Apr 01, 2022
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
Myvue
Speech
Vue Motion
And others...
CVE-2021-33020 Apr 01, 2022
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
Myvue
Speech
Vue Motion
And others...
CVE-2021-27497 Apr 01, 2022
Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.
Myvue
Speech
Vue Motion
And others...
CVE-2021-23173 Jan 10, 2022
The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data.
Engage
CVE-2021-43552 Dec 27, 2021
The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.
Patient Information Center Ix
CVE-2021-43550 Dec 27, 2021
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.
Patient Information Center Ix
CVE-2021-43548 Dec 27, 2021
Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
Patient Information Center Ix
CVE-2021-39375 Aug 24, 2021
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the WAdvancedFilter/getDimensionItemsByCode FilterValue parameter.
Tasy Electronic Medical Record
CVE-2021-39376 Aug 24, 2021
Philips Healthcare Tasy Electronic Medical Record (EMR) 3.06 allows SQL injection via the CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.
Tasy Electronic Medical Record
CVE-2020-27298 Jan 26, 2021
Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5), Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0), ViewForum (Release 6.3V1L10). The software constructs all or part of an OS command using externally influenced input from an upstream component but does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when sent to a downstream component.
Viewforum
Coronary Tools
Dynamic Coronary Roadmap
And others...
CVE-2020-16247 Sep 18, 2020
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Clinical Collaboration Platform
CVE-2020-14525 Sep 18, 2020
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.
Clinical Collaboration Platform
CVE-2020-14506 Sep 18, 2020
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
Clinical Collaboration Platform
CVE-2020-16200 Sep 18, 2020
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
Clinical Collaboration Platform
CVE-2020-16198 Sep 18, 2020
When an attacker claims to have a given identity, Philips Clinical Collaboration Platform, Versions 12.2.1 and prior, does not prove or insufficiently proves the claim is correct.
Clinical Collaboration Platform
CVE-2020-16224 Sep 11, 2020
In Patient Information Center iX (PICiX) Versions C.02, C.03, the software parses a formatted message or structure but does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data, causing the application on the surveillance station to restart.
Patient Information Center Ix
CVE-2020-16220 Sep 11, 2020
In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling.
Performancebridge Focal Point
Patient Information Center Ix
CVE-2020-16216 Sep 11, 2020
In IntelliVue patient monitors MX100, MX400-550, MX600, MX700, MX750, MX800, MX850, MP2-MP90, and IntelliVue X2 and X3 Versions N and prior, the product receives input or data but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly, which can induce a denial-of-service condition through a system restart.
Performancebridge Focal Point
Patient Information Center Ix
CVE-2020-16212 Sep 11, 2020
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges.
Patient Information Center Ix
CVE-2020-16214 Sep 11, 2020
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software saves user-provided information into a comma-separated value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software.
Patient Information Center Ix
CVE-2020-16218 Sep 11, 2020
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is then used as a webpage and served to other users. Successful exploitation could lead to unauthorized access to patient data via a read-only web application.
Patient Information Center Ix
CVE-2020-16222 Sep 11, 2020
In Patient Information Center iX (PICiX) Version B.02, C.02, C.03, and PerformanceBridge Focal Point Version A.01, when an actor claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.
Performancebridge Focal Point
Patient Information Center Ix
CVE-2020-16228 Sep 11, 2020
In Patient Information Center iX (PICiX) Versions C.02 and C.03, PerformanceBridge Focal Point Version A.01, IntelliVue patient monitors MX100, MX400-MX550, MX750, MX850, and IntelliVue X3 Versions N and prior, the software does not check or incorrectly checks the revocation status of a certificate, which may cause it to use a compromised certificate.
Performancebridge Focal Point
Patient Information Center Ix
CVE-2020-14518 Aug 21, 2020
Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.
Dreammapper
CVE-2020-16241 Aug 21, 2020
Philips SureSigns VS4, A.07.107 and prior does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Suresigns Vs4 Firmware
CVE-2020-16239 Aug 21, 2020
When an actor claims to have a given identity, Philips SureSigns VS4, A.07.107 and prior does not prove or insufficiently proves the claim is correct.
Suresigns Vs4 Firmware
CVE-2020-16237 Aug 21, 2020
Philips SureSigns VS4, A.07.107 and prior receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.
Suresigns Vs4 Firmware
CVE-2020-7360 Aug 13, 2020
An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartControl version 4.3.15 and versions released before April 15, 2020 may allow an authenticated user to escalate privileges by placing a specially crafted DLL file in the search path. This issue was fixed in version 1.0.7, which was released after April 15, 2020. (Note, the version numbering system changed significantly between version 4.3.15 and version 1.0.7.)
CVE-2020-12023 Jun 11, 2020
Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, IntelliBridge Enterprise system integration with SureSigns (VS4), EarlyVue (VS30) and IntelliVue Guardian (IGS). Unencrypted user credentials received in the IntelliBridge Enterprise (IBE) are logged within the transaction logs, which are secured behind the login based administrative web portal. The unencrypted user credentials sent from the affected products listed above, for the purpose of handshake or authentication with the Enterprise Systems, are logged as the payload in IntelliBridge Enterprise (IBE) within the transaction logs. An attacker with administrative privileges could exploit this vulnerability to read plain text credentials from log files.
Intellibridge Enterprise
CVE-2019-13557 Nov 08, 2019
In Tasy EMR, Tasy WebPortal Versions 3.02.1757 and prior, there is an information exposure vulnerability which may allow a remote attacker to access system and configuration information.
Tasy Emr
Tasy Webportal
CVE-2019-13546 Oct 25, 2019
In IntelliSpace Perinatal, Versions K and prior, a vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system.
Intellispace Perinatal
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).