CVE-2023-40704

EUVD-2023-45259
The product does not require unique and complex passwords to be created 
during installation. Using Philips's default password could jeopardize 
the PACS system if the password was hacked or leaked. An attacker could 
gain access to the database impacting system availability and data 
integrity.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
icscertCNA
6.8 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
Affected Products (NVD)
VendorProductVersion
philipsvue_pacs
𝑥
< 12.2.8.410
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.philips.com/productsecurity
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01
http://www.philips.com/productsecurity
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01