CVE-2023-40704

EUVD-2023-45259
The product does not require unique and complex passwords to be created 
during installation. Using Philips's default password could jeopardize 
the PACS system if the password was hacked or leaked. An attacker could 
gain access to the database impacting system availability and data 
integrity.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
ADJACENT_NETWORK
LOW
HIGH
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
philipsvue_pacs
𝑥
< 12.2.8.410
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
philipsvue_pacs
𝑥
< 12.2.8.410
ADP
Common Weakness Enumeration
References
http://www.philips.com/productsecurity
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01
http://www.philips.com/productsecurity
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01