ID

VAR-202107-1649


CVE

CVE-2021-27497


TITLE

Philips Vue PACS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-001551

DESCRIPTION

Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. Philips Vue PACS Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2021-27497 // JVNDB: JVNDB-2022-001551 // VULHUB: VHN-386764

AFFECTED PRODUCTS

vendor:philipsmodel:speechscope:ltversion:12.2.8.0

Trust: 1.0

vendor:philipsmodel:vue pacsscope:ltversion:12.2.8.0

Trust: 1.0

vendor:philipsmodel:vue motionscope:ltversion:12.2.1.5

Trust: 1.0

vendor:philipsmodel:myvuescope:ltversion:12.2.1.5

Trust: 1.0

vendor:フィリップスmodel:vue speechscope: - version: -

Trust: 0.8

vendor:フィリップスmodel:vue pacsscope: - version: -

Trust: 0.8

vendor:フィリップスmodel:vue motionscope: - version: -

Trust: 0.8

vendor:フィリップスmodel:vue myvuescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-001551 // NVD: CVE-2021-27497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-27497
value: CRITICAL

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-27497
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-27497
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202107-235
value: CRITICAL

Trust: 0.6

VULHUB: VHN-386764
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-27497
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-386764
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-27497
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-27497
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-27497
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-386764 // JVNDB: JVNDB-2022-001551 // CNNVD: CNNVD-202107-235 // NVD: CVE-2021-27497 // NVD: CVE-2021-27497

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Other (CWE-Other) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-001551 // NVD: CVE-2021-27497

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-235

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202107-235

PATCH

title:Philips Product Security Designed-Inurl:https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 0.8

sources: JVNDB: JVNDB-2022-001551

EXTERNAL IDS

db:NVDid:CVE-2021-27497

Trust: 3.3

db:ICS CERTid:ICSMA-21-187-01

Trust: 2.5

db:JVNid:JVNVU96012689

Trust: 0.8

db:JVNDBid:JVNDB-2022-001551

Trust: 0.8

db:CNNVDid:CNNVD-202107-235

Trust: 0.6

db:VULHUBid:VHN-386764

Trust: 0.1

sources: VULHUB: VHN-386764 // JVNDB: JVNDB-2022-001551 // CNNVD: CNNVD-202107-235 // NVD: CVE-2021-27497

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01

Trust: 2.5

url:http://www.philips.com/productsecurity

Trust: 1.7

url:https://jvn.jp/vu/jvnvu96012689/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-27497

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-27497/

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01

Trust: 0.6

sources: VULHUB: VHN-386764 // JVNDB: JVNDB-2022-001551 // CNNVD: CNNVD-202107-235 // NVD: CVE-2021-27497

CREDITS

Antonio Kulhanek reported CVE-2021-39369 to Philips. Philips reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202107-235

SOURCES

db:VULHUBid:VHN-386764
db:JVNDBid:JVNDB-2022-001551
db:CNNVDid:CNNVD-202107-235
db:NVDid:CVE-2021-27497

LAST UPDATE DATE

2024-08-14T12:39:55.626000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-386764date:2022-04-09T00:00:00
db:JVNDBid:JVNDB-2022-001551date:2022-04-18T07:32:00
db:CNNVDid:CNNVD-202107-235date:2022-04-11T00:00:00
db:NVDid:CVE-2021-27497date:2022-04-09T01:45:02.843

SOURCES RELEASE DATE

db:VULHUBid:VHN-386764date:2022-04-01T00:00:00
db:JVNDBid:JVNDB-2022-001551date:2022-04-18T00:00:00
db:CNNVDid:CNNVD-202107-235date:2021-07-06T00:00:00
db:NVDid:CVE-2021-27497date:2022-04-01T23:15:09.267