Описание
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
Ссылки
- Vendor Advisory
- MitigationThird Party AdvisoryUS Government Resource
- Vendor Advisory
- MitigationThird Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1Версия до 12.2.1.5 (исключая)Версия до 12.2.8.0 (исключая)Версия до 12.2.1.5 (исключая)Версия до 12.2.8.0 (исключая)
Одно из
cpe:2.3:a:philips:myvue:*:*:*:*:*:*:*:*
cpe:2.3:a:philips:speech:*:*:*:*:*:*:*:*
cpe:2.3:a:philips:vue_motion:*:*:*:*:*:*:*:*
cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.00219
Низкий
8.2 High
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-324
CWE-672
Связанные уязвимости
CVSS3: 7.5
github
почти 4 года назад
Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.
EPSS
Процентиль: 44%
0.00219
Низкий
8.2 High
CVSS3
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-324
CWE-672