CVE-2023-40704 – Philips Vue PACS Use of Default Credentials
https://notcve.org/view.php?id=CVE-2023-40704
Philips Vue PACS uses default credentials for potentially critical functionality. • http://www.philips.com/productsecurity • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 • CWE-1392: Use of Default Credentials
CVE-2023-40539 – Philips Vue PACS Weak Password Requirements
https://notcve.org/view.php?id=CVE-2023-40539
Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts. • http://www.philips.com/productsecurity • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 • CWE-521: Weak Password Requirements
CVE-2023-40223 – Philips Vue PACS Improper Privilege Management
https://notcve.org/view.php?id=CVE-2023-40223
Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor. • http://www.philips.com/productsecurity • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 • CWE-269: Improper Privilege Management
CVE-2023-40159 – Philips Vue PACS Exposure of Sensitive Information to an Unauthorized Actor
https://notcve.org/view.php?id=CVE-2023-40159
A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information. • http://www.philips.com/productsecurity • https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-39369
https://notcve.org/view.php?id=CVE-2021-39369
In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root. • https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01 • https://www.usa.philips.com/healthcare • https://www.youtube.com/watch?v=7zC84TNpIxw • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')