Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of Hard-coded Cryptographic Key
CVE-2021-43552

6.1MEDIUM

Key Information:

Vendor: Philips
Status: Patient Information Center Ix (pic Ix)
Vendor: CVE Published:; 27 December 2021

Summary

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.

Affected Version(s)

Patient Information Center iX (PIC iX) C.02

Patient Information Center iX (PIC iX) C.03

Patient Information Center iX (PIC iX) B.02

References

https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 27, 2021
Vulnerability Reserved
Nov 8, 2021

Credit

Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks