Lucene search

IcscertCVELIST:CVE-2023-40704

HistoryJul 18, 2024 - 4:33 p.m.

CVE-2023-40704 Philips Vue PACS Use of Default Credentials

2024-07-1816:33:27

CWE-1392

icscert

www.cve.org

philips vue pacs

default credentials

vulnerability

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS4

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

39.7%

JSON

Philips Vue PACS uses default credentials for potentially critical functionality.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Vue PACS",
    "vendor": "Philips",
    "versions": [
      {
        "lessThan": "12.2.8.410",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.philips.com/productsecurity

www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01

CVSS3

7.1

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVSS4

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:N/SA:N

EPSS

0.001

Percentile

39.7%

JSON

Related for CVELIST:CVE-2023-40704