Vulnerability Description
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Philips | Myvue | < 12.2.1.5 |
| Philips | Speech | < 12.2.8.0 |
| Philips | Vue Motion | < 12.2.1.5 |
| Philips | Vue Pacs | < 12.2.8.0 |
Related Weaknesses (CWE)
References
- http://www.philips.com/productsecurityVendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01Third Party AdvisoryUS Government Resource
- http://www.philips.com/productsecurityVendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01Third Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-27493?
CVE-2021-27493 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an u...
How severe is CVE-2021-27493?
CVE-2021-27493 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-27493?
Check the references section above for vendor advisories and patch information. Affected products include: Philips Myvue, Philips Speech, Philips Vue Motion, Philips Vue Pacs.