CVE-2021-27493

EPSS 0.16%
Veröffentlicht 01.04.2022 23:15:09
Zuletzt bearbeitet 17.04.2025 16:15:22
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Philips ≫ Myvue Version < 12.2.1.5

Philips ≫ Speech Version < 12.2.8.0

Philips ≫ Vue Motion Version < 12.2.1.5

Philips ≫ Vue Pacs Version < 12.2.8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.381

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N
ics-cert@hq.dhs.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-707 Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

http://www.philips.com/productsecurity

Vendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-27493

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-27493

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-27493

EUVD