IcscertVULNRICHMENT:CVE-2023-40159CVE-2023-40159 Philips Vue PACS Exposure of Sensitive Information to an Unauthorized Actor
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/SC:N/VI:H/SI:N/VA:N/SA:N
AI Score
Confidence
Low
EPSS
Percentile
18.8%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*"
],
"vendor": "philips",
"product": "vue_pacs",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "12.2.8.410",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/SC:N/VI:H/SI:N/VA:N/SA:N
AI Score
Confidence
Low
EPSS
Percentile
18.8%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial