CVE-2021-43550

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.

CVSS v3 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:philips:patient_information_center_ix:c.02:::::::*
	cpe:2.3:a:philips:patient_information_center_ix:c.03:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:philips:efficia_cm_firmware::::::::
	cpe:2.3:o:philips:efficia_cm_firmware:4.0:::::::*

cpe:2.3:h:philips:efficia_cm:-:*:*:*:*:*:*:*

History

12 Jan 2022, 13:48

Type	Values Removed	Values Added
CPE		cpe:2.3:a:philips:patient_information_center_ix:c.03:::::::* cpe:2.3:o:philips:efficia_cm_firmware:::::::: cpe:2.3:a:philips:patient_information_center_ix:c.02:::::::* cpe:2.3:h:philips:efficia_cm:-:::::::* cpe:2.3:o:philips:efficia_cm_firmware:4.0:::::::*
References	~~(MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 -~~	(MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 - Third Party Advisory, US Government Resource
First Time		Philips Philips efficia Cm Philips patient Information Center Ix Philips efficia Cm Firmware
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 3.3 v3 : 6.5
CWE		CWE-327

27 Dec 2021, 19:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-12-27 19:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-43550

Mitre link : CVE-2021-43550

CVE.ORG link : CVE-2021-43550

JSON object : View

Products Affected

philips

efficia_cm_firmware
efficia_cm
patient_information_center_ix

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-43550

6.5^/10

3.3^/10

Attach tags to `CVE-2021-43550`