CVE-2021-27493

EPSS 0.16%
Published 01.04.2022 23:15:09
Last modified 17.04.2025 16:15:22
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Philips ≫ Myvue Version < 12.2.1.5

Philips ≫ Speech Version < 12.2.8.0

Philips ≫ Vue Motion Version < 12.2.1.5

Philips ≫ Vue Pacs Version < 12.2.8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.16%	0.381

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
ics-cert@hq.dhs.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-707 Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

http://www.philips.com/productsecurity

Vendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-27493

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27493

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27493

EUVD