Lucene search

IcscertCVELIST:CVE-2023-40223

HistoryJul 18, 2024 - 4:23 p.m.

CVE-2023-40223 Philips Vue PACS Improper Privilege Management

2024-07-1816:23:18

CWE-269

icscert

www.cve.org

philips vue pacs

cve-2023-40223

privilege management

improper

security issue

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS4

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/SC:N/VI:L/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

20.0%

JSON

Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Vue PACS",
    "vendor": "Philips",
    "versions": [
      {
        "lessThan": "12.2.8.410",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.philips.com/productsecurity

www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS4

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/SC:N/VI:L/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

20.0%

JSON

Related for CVELIST:CVE-2023-40223