CVE-2023-40704

EPSS 0.06%
Published 18.07.2024 17:15:03
Last modified 09.04.2025 21:16:24
Source ics-cert@hq.dhs.gov
Teams watchlist Login
Open Login

The product does not require unique and complex passwords to be created 
during installation. Using Philips's default password could jeopardize 
the PACS system if the password was hacked or leaked. An attacker could 
gain access to the database impacting system availability and data 
integrity.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Philips ≫ Vue Pacs Version < 12.2.8.410

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.17

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov	5.7	0	0	CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov	6.8	0.9	5.9	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-1392 Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

http://www.philips.com/productsecurity

Product

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-40704

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40704

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40704

EUVD