MEDIUM🇵🇱 Wersja polska

CVE-2023-40704

CVSS 5.7v4.0pub. 2024-07-18upd. 2025-04-09

The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity.

CVSS Vector
CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Philips Vue Pacs

    APP
    Philips
    < 12.2.8.410
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2021-33020HIGH8.2ten sam produkt

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, wh...

CVE-2021-33022HIGH7.5ten sam produkt

Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a c...

CVE-2021-27501HIGH7.5ten sam produkt

Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can l...

CVE-2021-33018HIGH7.5ten sam produkt

The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unn...

CVE-2021-39369MEDIUM6.5ten sam produkt

In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Travers...