Philips IntelliSpace Portal Unauthenticated Remote Code Execution Vulnerability via .NET Deserialization

Vulnerability

A deserialization vulnerability allowing unauthenticated remote code execution has been identified in the Philips IntelliSpace Portal application, version 12 and prior. This issue arises from the application's use of .NET Remoting, with the server's TypeFilterLevel set to Full, creating a dangerous configuration that can be exploited through port 755.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution on the server where IntelliSpace Portal is running.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

10.0

exploitability

7.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

1.4

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

10.0

exploitability

7.0

remediation

8.3

relevance

0.0

threat

0.0

urgency

1.4

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Philips IntelliSpace Portal Unauthenticated Remote Code Execution Vulnerability via .NET Deserialization

Vulnerability

Impact

Affected Products

Philips IntelliSpace Portal

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating