Default Credentials Expose Philips Vue PACS to Security Risks
CVE-2023-40704

5.7MEDIUM

Key Information:

Vendor: Philips
Status: Vue Pacs
Vendor: CVE Published:; 18 July 2024

Summary

Philips Vue PACS employs default credentials that expose critical functionality to potential unauthorized access. This vulnerability highlights significant security risks within the system, allowing threat actors to exploit unsecured accounts, potentially compromising sensitive patient data and overall system integrity. Organizations utilizing this product should prioritize changing default credentials to enhance security and mitigate risks associated with unauthorized system access.

Affected Version(s)

Vue PACS 0 < 12.2.8.410

References

https://www.cisa.gov/news-events/ics-medical-advisories/i...

http://www.philips.com/productsecurity

CVSS V4

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Jul 18, 2024
Vulnerability Reserved
Aug 21, 2023

Credit

TAS Health NZ and Camiel van Es reported these vulnerabilities to Philips.