CVE-2021-27456

Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.

CVSS v3 2.4 LOW
CVSS v2.0 2.1 LOW

2.4^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01	Third Party Advisory US Government Resource
https://www.philips.com/productsecurity	Product

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:phillips:gemini_882300_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:phillips:gemini_882300:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:phillips:gemini_882160_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:phillips:gemini_882160:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:phillips:gemini_882400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:phillips:gemini_882400:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:phillips:gemini_882390_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:phillips:gemini_882390:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:phillips:gemini_882410_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:phillips:gemini_882410:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:phillips:gemini_882412_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:phillips:gemini_882412:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:phillips:gemini_882473_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:phillips:gemini_882473:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:phillips:gemini_882470_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:phillips:gemini_882470:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:phillips:gemini_882471_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:phillips:gemini_882471:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:phillips:gemini_882476_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:phillips:gemini_882476:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:phillips:truflight_882438_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:phillips:truflight_882438:-:*:*:*:*:*:*:*

History

12 Apr 2022, 18:09

Type	Values Removed	Values Added
CWE		CWE-922
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 2.1 v3 : 2.4
First Time		Phillips gemini 882390 Phillips gemini 882471 Firmware Phillips gemini 882473 Firmware Phillips gemini 882160 Firmware Phillips gemini 882390 Firmware Phillips gemini 882412 Firmware Phillips gemini 882471 Phillips Phillips gemini 882410 Firmware Phillips gemini 882160 Phillips gemini 882410 Phillips gemini 882300 Phillips gemini 882476 Phillips gemini 882470 Phillips gemini 882473 Phillips truflight 882438 Phillips gemini 882400 Phillips gemini 882412 Phillips gemini 882470 Firmware Phillips gemini 882300 Firmware Phillips gemini 882400 Firmware Phillips gemini 882476 Firmware Phillips truflight 882438 Firmware
CPE		cpe:2.3:o:phillips:gemini_882471_firmware:-:::::::* cpe:2.3:h:phillips:gemini_882300:-:::::::* cpe:2.3:h:phillips:gemini_882160:-:::::::* cpe:2.3:h:phillips:gemini_882412:-:::::::* cpe:2.3:o:phillips:gemini_882160_firmware:-:::::::* cpe:2.3:h:phillips:gemini_882471:-:::::::* cpe:2.3:o:phillips:gemini_882300_firmware:-:::::::* cpe:2.3:o:phillips:gemini_882390_firmware:-:::::::* cpe:2.3:h:phillips:gemini_882473:-:::::::* cpe:2.3:o:phillips:gemini_882473_firmware:-:::::::* cpe:2.3:o:phillips:gemini_882410_firmware:-:::::::* cpe:2.3:h:phillips:gemini_882400:-:::::::* cpe:2.3:h:phillips:gemini_882476:-:::::::* cpe:2.3:o:phillips:gemini_882470_firmware:-:::::::* cpe:2.3:h:phillips:truflight_882438:-:::::::* cpe:2.3:o:phillips:gemini_882400_firmware:-:::::::* cpe:2.3:o:phillips:gemini_882412_firmware:-:::::::* cpe:2.3:h:phillips:gemini_882410:-:::::::* cpe:2.3:h:phillips:gemini_882470:-:::::::* cpe:2.3:o:phillips:truflight_882438_firmware:-:::::::* cpe:2.3:o:phillips:gemini_882476_firmware:-:::::::* cpe:2.3:h:phillips:gemini_882390:-:::::::*
References	~~(CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01 -~~	(CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01 - Third Party Advisory, US Government Resource
References	~~(CONFIRM) https://www.philips.com/productsecurity -~~	(CONFIRM) https://www.philips.com/productsecurity - Product

23 Mar 2022, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-03-23 20:15

Updated : 2023-12-10 14:22

NVD link : CVE-2021-27456

Mitre link : CVE-2021-27456

CVE.ORG link : CVE-2021-27456

JSON object : View

Products Affected

phillips

gemini_882390_firmware
gemini_882470
gemini_882160
gemini_882471_firmware
gemini_882300_firmware
gemini_882400
gemini_882390
truflight_882438_firmware
gemini_882410_firmware
gemini_882412
gemini_882473
gemini_882410
gemini_882300
truflight_882438
gemini_882470_firmware
gemini_882412_firmware
gemini_882160_firmware
gemini_882400_firmware
gemini_882473_firmware
gemini_882476_firmware
gemini_882476
gemini_882471

CWE

CWE-922

Insecure Storage of Sensitive Information

CWE-921

Storage of Sensitive Data in a Mechanism without Access Control

2.4 /10

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-27456

2.4^/10

2.1^/10

Attach tags to `CVE-2021-27456`