8.2

CVE-2021-33020

Philips Vue PACS Use of a Key Past its Expiration Date

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhilipsMyvue Version < 12.2.1.5
PhilipsSpeech Version < 12.2.8.0
PhilipsVue Motion Version < 12.2.1.5
PhilipsVue Pacs Version < 12.2.8.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.22% 0.447
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
ics-cert@hq.dhs.gov 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CWE-324 Use of a Key Past its Expiration Date

The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

CWE-672 Operation on a Resource after Expiration or Release

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01
Third Party Advisory
US Government Resource
Mitigation