PT-2018-8517 · Philips · Dosewise Portal

Published: 2018-04-24 · Updated: 2019-10-09 · CVE-2017-9656

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069

Description

The Philips DoseWise Portal application uses hard-coded credentials for a database account on its backend database. This account has privileges that can impact the confidentiality, integrity, and availability of the database. To exploit this, an attacker first needs elevated privileges to access the web application's backend system files, which contain the hard-coded credentials. If successfully exploited, a remote attacker may gain access to the database, which contains protected health information.

Recommendations

For versions 1.1.7.333 and 2.1.1.3069, update to a version that does not use hard-coded credentials to prevent potential exploitation. As a temporary workaround, consider restricting access to the backend system files to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials


Weakness Enumeration

Related Identifiers

CVE-2017-9656

Affected Products

Dosewise Portal