Lucene search

IcscertCVE-2021-43550

HistoryDec 27, 2021 - 7:15 p.m.

CVE-2021-43550

2021-12-2719:15:08

CWE-327

icscert

web.nvd.nist.gov

cve-2021-43550

cryptographic algorithm

risk

sensitive information

pic ix

efficia cm series

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.

Affected configurations

Nvd

Node

philipspatient_information_center_ixMatchc.02

philipspatient_information_center_ixMatchc.03

Node

philipsefficia_cmMatch-

AND

philipsefficia_cm_firmwareRangea.01–c.0x

philipsefficia_cm_firmwareMatch4.0

VendorProductVersionCPE
philipspatient_information_center_ixc.02cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*
philipspatient_information_center_ixc.03cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*
philipsefficia_cm-cpe:2.3:h:philips:efficia_cm:-:*:*:*:*:*:*:*
philipsefficia_cm_firmware*cpe:2.3:o:philips:efficia_cm_firmware:*:*:*:*:*:*:*:*
philipsefficia_cm_firmware4.0cpe:2.3:o:philips:efficia_cm_firmware:4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
philips	patient_information_center_ix	c.02	cpe:2.3:a:philips:patient_information_center_ix:c.02:::::::*
philips	patient_information_center_ix	c.03	cpe:2.3:a:philips:patient_information_center_ix:c.03:::::::*
philips	efficia_cm	-	cpe:2.3:h:philips:efficia_cm:-:::::::*
philips	efficia_cm_firmware	*	cpe:2.3:o:philips:efficia_cm_firmware::::::::
philips	efficia_cm_firmware	4.0	cpe:2.3:o:philips:efficia_cm_firmware:4.0:::::::*

CNA Affected

[
  {
    "product": "Efficia CM Series",
    "vendor": "Philips",
    "versions": [
      {
        "status": "affected",
        "version": "4.0"
      },
      {
        "lessThanOrEqual": "C.0x",
        "status": "affected",
        "version": "A.01",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Patient Information Center iX (PIC iX)",
    "vendor": "Philips",
    "versions": [
      {
        "status": "affected",
        "version": "C.02"
      },
      {
        "status": "affected",
        "version": "C.03"
      }
    ]
  }
]

References

www.cisa.gov/uscert/ics/advisories/icsma-21-322-02

CVSS2

3.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:A/AC:L/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

29.4%

JSON

Related for CVE-2021-43550