Philips Gemini PET/CT Storage of Sensitive Data in a Mechanism Without Access Control
CVE-2021-27456
2.4LOW
Key Information:
- Vendor
- Philips
- Vendor
- CVE Published:
- 23 March 2022
Summary
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
Affected Version(s)
Gemini 16 Slice 882300
Gemini Dual 882160
Gemini GXL 10 Slice 882400
References
CVSS V3.1
Score:
2.4
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Jean GEORGE – CHU UCL Namur – Nuclear medicine department reported this vulnerability to Philips.