Details of VAR-202107-1647

ID

VAR-202107-1647

CVE

CVE-2021-27501

TITLE

Philips Vue PACS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-001552

DESCRIPTION

Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. Philips Vue PACS Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2021-27501 // JVNDB: JVNDB-2022-001552 // VULHUB: VHN-386768

AFFECTED PRODUCTS

vendor:	philips	model:	speech	scope:	lt	version:	12.2.8.0	Trust: 1.0
vendor:	philips	model:	vue pacs	scope:	lt	version:	12.2.8.0	Trust: 1.0
vendor:	philips	model:	vue motion	scope:	lt	version:	12.2.1.5	Trust: 1.0
vendor:	philips	model:	myvue	scope:	lt	version:	12.2.1.5	Trust: 1.0
vendor:	フィリップス	model:	vue speech	scope:	-	version:	-	Trust: 0.8
vendor:	フィリップス	model:	vue pacs	scope:	-	version:	-	Trust: 0.8
vendor:	フィリップス	model:	vue motion	scope:	-	version:	-	Trust: 0.8
vendor:	フィリップス	model:	vue myvue	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-001552 // NVD: CVE-2021-27501

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27501
value:	CRITICAL
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-27501
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-27501
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202107-243
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-386768
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-27501
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-386768
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-27501
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-27501
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.6
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-27501
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-386768 // JVNDB: JVNDB-2022-001552 // CNNVD: CNNVD-202107-243 // NVD: CVE-2021-27501 // NVD: CVE-2021-27501

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	CWE-710	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-001552 // NVD: CVE-2021-27501

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-243

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202107-243

PATCH

title:	Philips Product Security Designed-In	url:	https://www.usa.philips.com/healthcare/about/customer-support/product-security	Trust: 0.8
title:	Philips Vue PACS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=179173	Trust: 0.6

sources: JVNDB: JVNDB-2022-001552 // CNNVD: CNNVD-202107-243

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27501	Trust: 3.3
db:	ICS CERT	id:	ICSMA-21-187-01	Trust: 2.5
db:	JVN	id:	JVNVU96012689	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-001552	Trust: 0.8
db:	CNNVD	id:	CNNVD-202107-243	Trust: 0.6
db:	VULHUB	id:	VHN-386768	Trust: 0.1

sources: VULHUB: VHN-386768 // JVNDB: JVNDB-2022-001552 // CNNVD: CNNVD-202107-243 // NVD: CVE-2021-27501

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01	Trust: 2.5
url:	http://www.philips.com/productsecurity	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu96012689/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27501	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-27501/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01	Trust: 0.6

sources: VULHUB: VHN-386768 // JVNDB: JVNDB-2022-001552 // CNNVD: CNNVD-202107-243 // NVD: CVE-2021-27501

CREDITS

Antonio Kulhanek reported CVE-2021-39369 to Philips. Philips reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202107-243

SOURCES

db:	VULHUB	id:	VHN-386768
db:	JVNDB	id:	JVNDB-2022-001552
db:	CNNVD	id:	CNNVD-202107-243
db:	NVD	id:	CVE-2021-27501

LAST UPDATE DATE

2024-08-14T12:16:55.353000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-386768	date:	2022-04-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-001552	date:	2022-04-18T07:32:00
db:	CNNVD	id:	CNNVD-202107-243	date:	2022-04-11T00:00:00
db:	NVD	id:	CVE-2021-27501	date:	2022-04-08T18:43:18.450

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-386768	date:	2022-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-001552	date:	2022-04-18T00:00:00
db:	CNNVD	id:	CNNVD-202107-243	date:	2021-07-06T00:00:00
db:	NVD	id:	CVE-2021-27501	date:	2022-04-01T23:15:09.317