CVE-2021-27456
Philips Gemini PET/CT Storage of Sensitive Data in a Mechanism Without Access Control
Severity Score
2.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
El software de la familia Philips Gemini PET/CT, almacena información confidencial en un dispositivo de medios extraíbles que no presenta un control de acceso incorporado
*Credits:
Jean GEORGE – CHU UCL Namur – Nuclear medicine department reported this vulnerability to Philips.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-02-19 CVE Reserved
- 2022-03-23 CVE Published
- 2023-10-14 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-921: Storage of Sensitive Data in a Mechanism without Access Control
- CWE-922: Insecure Storage of Sensitive Information
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01 | Third Party Advisory | |
| https://www.philips.com/productsecurity | Product |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phillips Search vendor "Phillips" | Gemini 882300 Firmware Search vendor "Phillips" for product "Gemini 882300 Firmware" | - | - |
Affected
| in | Phillips Search vendor "Phillips" | Gemini 882300 Search vendor "Phillips" for product "Gemini 882300" | - | - |
Safe
|
| Phillips Search vendor "Phillips" | Gemini 882160 Firmware Search vendor "Phillips" for product "Gemini 882160 Firmware" | - | - |
Affected
| in | Phillips Search vendor "Phillips" | Gemini 882160 Search vendor "Phillips" for product "Gemini 882160" | - | - |
Safe
|
| Phillips Search vendor "Phillips" | Gemini 882400 Firmware Search vendor "Phillips" for product "Gemini 882400 Firmware" | - | - |
Affected
| in | Phillips Search vendor "Phillips" | Gemini 882400 Search vendor "Phillips" for product "Gemini 882400" | - | - |
Safe
|
| Phillips Search vendor "Phillips" | Gemini 882390 Firmware Search vendor "Phillips" for product "Gemini 882390 Firmware" | - | - |
Affected
| in | Phillips Search vendor "Phillips" | Gemini 882390 Search vendor "Phillips" for product "Gemini 882390" | - | - |
Safe
|
| Phillips Search vendor "Phillips" | Gemini 882410 Firmware Search vendor "Phillips" for product "Gemini 882410 Firmware" | - | - |
Affected
| in | Phillips Search vendor "Phillips" | Gemini 882410 Search vendor "Phillips" for product "Gemini 882410" | - | - |
Safe
|
| Phillips Search vendor "Phillips" | Gemini 882412 Firmware Search vendor "Phillips" for product "Gemini 882412 Firmware" | - | - |
Affected
| in | Phillips Search vendor "Phillips" | Gemini 882412 Search vendor "Phillips" for product "Gemini 882412" | - | - |
Safe
|
| Phillips Search vendor "Phillips" | Gemini 882473 Firmware Search vendor "Phillips" for product "Gemini 882473 Firmware" | - | - |
Affected
| in | Phillips Search vendor "Phillips" | Gemini 882473 Search vendor "Phillips" for product "Gemini 882473" | - | - |
Safe
|
| Phillips Search vendor "Phillips" | Gemini 882470 Firmware Search vendor "Phillips" for product "Gemini 882470 Firmware" | - | - |
Affected
| in | Phillips Search vendor "Phillips" | Gemini 882470 Search vendor "Phillips" for product "Gemini 882470" | - | - |
Safe
|
| Phillips Search vendor "Phillips" | Gemini 882471 Firmware Search vendor "Phillips" for product "Gemini 882471 Firmware" | - | - |
Affected
| in | Phillips Search vendor "Phillips" | Gemini 882471 Search vendor "Phillips" for product "Gemini 882471" | - | - |
Safe
|
| Phillips Search vendor "Phillips" | Gemini 882476 Firmware Search vendor "Phillips" for product "Gemini 882476 Firmware" | - | - |
Affected
| in | Phillips Search vendor "Phillips" | Gemini 882476 Search vendor "Phillips" for product "Gemini 882476" | - | - |
Safe
|
| Phillips Search vendor "Phillips" | Truflight 882438 Firmware Search vendor "Phillips" for product "Truflight 882438 Firmware" | - | - |
Affected
| in | Phillips Search vendor "Phillips" | Truflight 882438 Search vendor "Phillips" for product "Truflight 882438" | - | - |
Safe
|