CVE-2021-33024

EUVD-2021-19745
Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
icscertCNA
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Affected Products (NVD)
VendorProductVersion
philipsmyvue
𝑥
< 12.2.1.5
philipsspeech
𝑥
< 12.2.8.0
philipsvue_motion
𝑥
< 12.2.1.5
philipsvue_pacs
𝑥
< 12.2.8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.philips.com/productsecurity
https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01
http://www.philips.com/productsecurity
https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01