CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-0922 – ICSMA-22-088-01 Philips e-Alert
https://notcve.org/view.php?id=CVE-2022-0922
01 Apr 2022 — The software does not perform any authentication for critical system functionality. El software no lleva a cabo ninguna autenticación para la funcionalidad crítica del sistema • https://www.cisa.gov/uscert/ics/advisories/icsma-22-088-01 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33018 – Philips Vue PACS Use of a Broken or Risky Cryptographic Algorithm
https://notcve.org/view.php?id=CVE-2021-33018
01 Apr 2022 — The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information. El uso de un algoritmo criptográfico roto o arriesgado en Philips Vue PACS versiones 12.2.x.x y anteriores, es un riesgo innecesario que puede resultar en una exposición de información confidencial • http://www.philips.com/productsecurity • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33022 – Philips Vue PACS Cleartext Transmission of Sensitive Information
https://notcve.org/view.php?id=CVE-2021-33022
01 Apr 2022 — Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Philips Vue PACS versiones 12.2.x.x y anteriores, transmite datos confidenciales o críticos para la seguridad en texto sin cifrar en un canal de comunicación que puede ser rastreado por actores no autorizados • http://www.philips.com/productsecurity • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27497 – Philips Vue PACS Protection Mechanism Failure
https://notcve.org/view.php?id=CVE-2021-27497
01 Apr 2022 — Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. Philips Vue PACS versiones 12.2.x.x y anteriores, no usa o usa de forma incorrecta un mecanismo de protección que proporciona una defensa suficiente contra los ataques dirigidos contra el producto • http://www.philips.com/productsecurity •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33024 – Philips Vue PACS Insufficiently Protected Credentials
https://notcve.org/view.php?id=CVE-2021-33024
01 Apr 2022 — Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. Philips Vue PACS versiones 12.2.x.x y anteriores, transmite o almacena credenciales de autenticación, pero usa un método no seguro susceptible de ser interceptado y/o recuperado sin autorización • http://www.philips.com/productsecurity • CWE-522: Insufficiently Protected Credentials •
CVSS: 8.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-33020 – Philips Vue PACS Use of a Key Past its Expiration Date
https://notcve.org/view.php?id=CVE-2021-33020
01 Apr 2022 — Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. Philips Vue PACS versiones 12.2.x.x y anteriores, de usan una clave criptográfica o una contraseña que ya ha caducado, lo que disminuye significativamente su seguridad al aumentar la ventana de tiempo para los ataques de cracking contra esa clave • http://www.philips.com/productsecurity • CWE-324: Use of a Key Past its Expiration Date CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27501 – Philips Vue PACS Improper Adherence to Coding Standards
https://notcve.org/view.php?id=CVE-2021-27501
01 Apr 2022 — Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. Philips Vue PACS versiones 12.2.x.x y anteriores, no siguen determinadas reglas de codificación para el desarrollo, lo que puede conllevar a debilidades resultantes o aumentar la gravedad de las vulnerabilidades asociadas • http://www.philips.com/productsecurity • CWE-710: Improper Adherence to Coding Standards •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-27493 – Philips Vue PACS
https://notcve.org/view.php?id=CVE-2021-27493
01 Apr 2022 — Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. Philips Vue PACS versiones 12.2.x.x y anteriores, no asegura o asegura incorrectamente que los mensajes o datos estructurados estén bien formados y que sean cumplidas determinadas propiedades de seguridad antes de ser leídos desde un componente ascendente o e... • http://www.philips.com/productsecurity •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-23173 – ICSMA-22-006-01 Philips Engage Software
https://notcve.org/view.php?id=CVE-2021-23173
07 Jan 2022 — The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data. El producto afectado es vulnerable a un control de acceso inapropiado, que puede permitir a un usuario autenticado conseguir acceso no autorizado a datos confidenciales • https://www.cisa.gov/uscert/ics/advisories/icsma-22-006-01 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-43550 – Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of a Broken or Risky Cryptographic Algorithm
https://notcve.org/view.php?id=CVE-2021-43550
27 Dec 2021 — The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0. El uso de un algoritmo criptográfico roto o arriesgado es un riesgo no necesario que puede resultar en una exposición de información confidencial, que afecta a las comunicaciones entre Patient Information Center iX (PIC i... • https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •