Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.
References
| Link | Resource |
|---|---|
| http://www.philips.com/productsecurity | Vendor Advisory |
| https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01 | Mitigation Third Party Advisory US Government Resource |
Configurations
Configuration 1 (hide)
|
History
08 Apr 2022, 20:44
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-522 | |
| CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
| References | (CONFIRM) https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01 - Mitigation, Third Party Advisory, US Government Resource | |
| References | (CONFIRM) http://www.philips.com/productsecurity - Vendor Advisory | |
| CPE | cpe:2.3:a:philips:speech:*:*:*:*:*:*:*:* cpe:2.3:a:philips:myvue:*:*:*:*:*:*:*:* cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:* cpe:2.3:a:philips:vue_motion:*:*:*:*:*:*:*:* |
|
| First Time |
Philips
Philips vue Pacs Philips myvue Philips speech Philips vue Motion |
01 Apr 2022, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2022-04-01 23:15
Updated : 2023-12-10 14:22
NVD link : CVE-2021-33024
Mitre link : CVE-2021-33024
CVE.ORG link : CVE-2021-33024
JSON object : View
Products Affected
philips
- speech
- vue_pacs
- myvue
- vue_motion
CWE
CWE-522
Insufficiently Protected Credentials