CVE-2022-0922

ICSMA-22-088-01 Philips e-Alert

Description

The software does not perform any authentication for critical system functionality.

Remediation

Workaround:

  • Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only authorized personnel should be permitted to access the network and the devices connected to it. Users with questions about their specific e-Alert product should contact a Philips service support team or regional service support. Users can also reference the Philips advisory for more details.

Category

6.5
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.04%
Third-Party Advisory cisa.gov
Affected: Philips e-Alert
Published at:
Updated at:

References

Link Tags
https://www.cisa.gov/uscert/ics/advisories/icsma-22-088-01 mitigation third party advisory us government resource

Frequently Asked Questions

What is the severity of CVE-2022-0922?
CVE-2022-0922 has been scored as a medium severity vulnerability.
How to fix CVE-2022-0922?
As a workaround for remediating CVE-2022-0922: Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only authorized personnel should be permitted to access the network and the devices connected to it. Users with questions about their specific e-Alert product should contact a Philips service support team or regional service support. Users can also reference the Philips advisory for more details.
Is CVE-2022-0922 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2022-0922 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-0922?
CVE-2022-0922 affects Philips e-Alert.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.