- What is the severity of CVE-2020-14477?
- CVE-2020-14477 has been scored as a low severity vulnerability.
- How to fix CVE-2020-14477?
- To fix CVE-2020-14477: Philips released Ultrasound EPIQ/Affiniti Version VM6.0 in April 2020 and recommends users with the Ultrasound EPIQ/Affiniti systems to contact their local Philips service support team, or regional service support for installation information. Philips is currently planning the following new releases: * Ultrasound ClearVue Version 3.3 release in Q4 2020 * Ultrasound CX Version 5.0.3 release in Q4 2020 * Ultrasound Sparq Version 3.0.3 release in Q4 2020 As an interim mitigation to this vulnerability, Philips recommends customers ensure service providers can guarantee installed device integrity during all service and repair operations. Users with questions regarding their specific Ultrasound installation should contact the Philips service support team or regional service support. Users can contact Philips customer service https://www.usa.philips.com/healthcare/solutions/customer-service-solutions , and find more details in the Philips advisory http://www.philips.com/productsecurity (external link). Please see the Philips product security website http://www.philips.com/productsecurity for the latest security information for Philips products.
- Is CVE-2020-14477 being actively exploited in the wild?
- As for now, there are no information to confirm that CVE-2020-14477 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
- What software or system is affected by CVE-2020-14477?
- CVE-2020-14477 affects Philips Ultrasound ClearVue, Philips Ultrasound CX, Philips Ultrasound EPIQ/Affiniti, Philips Ultrasound Sparq, Philips Ultrasound Xperius.