CVE-2023-40704

Опубликовано: 18 июл. 2024

Источник: nvd

CVSS3: 6.8

CVSS3: 9.8

EPSS Низкий

Описание

The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity.

Ссылки

http://www.philips.com/productsecurity
Product
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01
Third Party Advisory
US Government Resource
http://www.philips.com/productsecurity
Product
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*

Версия до 12.2.8.410 (исключая)

EPSS

Процентиль: 23%

0.00079

Низкий

6.8 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-1392

NVD-CWE-Other

Связанные уязвимости

GHSA-vh9f-gm3f-x483

CVSS3: 7.1

github

больше 1 года назад

Philips Vue PACS uses default credentials for potentially critical functionality.

EPSS

Процентиль: 23%

0.00079

Низкий

6.8 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-1392

NVD-CWE-Other