CVE-2023-40704

The product does not require unique and complex passwords to be created 
during installation. Using Philips's default password could jeopardize 
the PACS system if the password was hacked or leaked. An attacker could 
gain access to the database impacting system availability and data 
integrity.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
icscertCNA
6.8 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 15%
VendorProductVersion
philipsvue_pacs
𝑥
< 12.2.8.410
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.philips.com/productsecurity
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01
http://www.philips.com/productsecurity
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01