CVE-2023-40704

EPSS 0.06%
Veröffentlicht 18.07.2024 17:15:03
Zuletzt bearbeitet 09.04.2025 21:16:24
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

The product does not require unique and complex passwords to be created 
during installation. Using Philips's default password could jeopardize 
the PACS system if the password was hacked or leaked. An attacker could 
gain access to the database impacting system availability and data 
integrity.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Philips ≫ Vue Pacs Version < 12.2.8.410

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.17

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ics-cert@hq.dhs.gov	5.7	0	0	CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
ics-cert@hq.dhs.gov	6.8	0.9	5.9	CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE-1392 Use of Default Credentials

The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.

http://www.philips.com/productsecurity

Product

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2023-40704

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-40704

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-40704

EUVD