CVE-2020-14518 - Vulnerability Details - OpenCVE

Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Philips	Dreammapper

Configuration 1 [-]

cpe:2.3:a:philips:dreammapper:*:*:*:*:*:iphone_os:*:*

Configuration 2 [-]

cpe:2.3:a:philips:dreammapper:*:*:*:*:*:android:*:*

No data.

References

Link	Providers
https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01
https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive

History

Wed, 04 Jun 2025 22:00:00 +0000

Type	Values Removed	Values Added
Title		Philips DreamMapper Insertion of Sensitive Information into Log File
References		https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2020-08-21T12:10:50

Updated: 2025-06-04T21:49:30.879Z

Reserved: 2020-06-19T00:00:00

Link: CVE-2020-14518

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-08-21T13:15:13.443

Modified: 2025-06-04T22:15:23.157

Link: CVE-2020-14518

Redhat

No data.

{"containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "DreamMapper", "vendor": "Philips", "versions": [{"lessThan": "Version 2.24", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lutz Weimann, Tim Hirschberg, Issam Hbib, and Florian Mommertz of SRC Security Research & Consulting GmbH reported this vulnerability to the Federal Office for Information Security (BSI), Germany, in the context of the BSI project eCare \u2013 Digitization in care reported this to Philips."}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker.</p>"}], "value": "Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert", "dateUpdated": "2025-06-04T21:49:30.879Z"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"}, {"url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>Philips plans a new release for the DreamMapper app by June 30, 2021, that remediates this vulnerability.</p><p>Users with questions regarding their specific Philips DreamMapper installations should contact a <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.usa.philips.com/healthcare/solutions/customer-service-solutions\">Philips service support team or regional service support</a>.</p>\n<p>The Philips advisory is available at the following URL: <a target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\">http://www.philips.com/productsecurity</a></p>Please see the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.philips.com/productsecurity\">Philips product security website</a> for the latest security information for Philips products."}], "value": "Philips plans a new release for the DreamMapper app by June 30, 2021, that remediates this vulnerability.\n\nUsers with questions regarding their specific Philips DreamMapper installations should contact a Philips service support team or regional service support https://www.usa.philips.com/healthcare/solutions/customer-service-solutions .\n\n\nThe Philips advisory is available at the following URL: http://www.philips.com/productsecurity \n\nPlease see the Philips product security website https://www.philips.com/productsecurity for the latest security information for Philips products."}], "source": {"advisory": "ICSMA-20-212-01", "discovery": "EXTERNAL"}, "title": "Philips DreamMapper Insertion of Sensitive Information into Log File", "x_generator": {"engine": "Vulnogram 0.2.0"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "ID": "CVE-2020-14518", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Philips DreamMapper", "version": {"version_data": [{"version_value": "Version 2.24 and prior"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "INSERTION OF SENSITIVE INFORMATION INTO LOG FILE CWE-532"}]}]}, "references": {"reference_data": [{"name": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01", "refsource": "MISC", "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:46:34.734Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2020-14518", "datePublished": "2020-08-21T12:10:50", "dateReserved": "2020-06-19T00:00:00", "dateUpdated": "2025-06-04T21:49:30.879Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:dreammapper:*:*:*:*:*:iphone_os:*:*", "matchCriteriaId": "1103BC77-0960-4F35-A2F6-F02E44B970BB", "versionEndIncluding": "2.24", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:dreammapper:*:*:*:*:*:android:*:*", "matchCriteriaId": "CA3EE58D-B635-45D5-AAEC-B071359FC55C", "versionEndIncluding": "2.24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Philips DreamMapper, Version 2.24 and prior. Information written to log files can give guidance to a potential attacker."}, {"lang": "es", "value": "Philips DreamMapper, versiones 2.24 y anteriores. Una informaci\u00f3n escrita en los archivos de registro puede brindar orientaci\u00f3n a un posible atacante."}], "id": "CVE-2020-14518", "lastModified": "2025-06-04T22:15:23.157", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-08-21T13:15:13.443", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"}, {"source": "ics-cert@hq.dhs.gov", "url": "https://www.philips.com/a-w/security/security-advisories/product-security-2020.html#2020_archive"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://us-cert.cisa.gov/ics/advisories/icsma-20-212-01"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-532"}], "source": "nvd@nist.gov", "type": "Primary"}]}