Vulnerability Description
The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Philips | Myvue | < 12.2.1.5 |
| Philips | Speech | < 12.2.8.0 |
| Philips | Vue Motion | < 12.2.1.5 |
| Philips | Vue Pacs | < 12.2.8.0 |
Related Weaknesses (CWE)
References
- http://www.philips.com/productsecurityVendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01MitigationThird Party AdvisoryUS Government Resource
- http://www.philips.com/productsecurityVendor Advisory
- https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01MitigationThird Party AdvisoryUS Government Resource
FAQ
What is CVE-2021-33018?
CVE-2021-33018 is a vulnerability with a CVSS score of 7.5 (HIGH). The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information.
How severe is CVE-2021-33018?
CVE-2021-33018 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-33018?
Check the references section above for vendor advisories and patch information. Affected products include: Philips Myvue, Philips Speech, Philips Vue Motion, Philips Vue Pacs.