Lucene search

IcscertVULNRICHMENT:CVE-2023-40539

HistoryJul 18, 2024 - 4:29 p.m.

CVE-2023-40539 Philips Vue PACS Weak Password Requirements

2024-07-1816:29:27

CWE-521

icscert

github.com

philips vue pacs

weak password requirements

compromise user accounts

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS4

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/SC:N/VI:L/SI:N/VA:N/SA:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

37.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts.

CNA Affected

[
  {
    "vendor": "Philips",
    "product": "Vue PACS",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "12.2.8.410",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

www.philips.com/productsecurity

www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CVSS4

4.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/SC:N/VI:L/SI:N/VA:N/SA:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

37.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-40539