CVE-2021-33024

Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
icscertCNA
3.7 LOW
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
philipsmyvue
𝑥
< 12.2.1.5
philipsspeech
𝑥
< 12.2.8.0
philipsvue_motion
𝑥
< 12.2.1.5
philipsvue_pacs
𝑥
< 12.2.8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.philips.com/productsecurity
https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01
http://www.philips.com/productsecurity
https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01