Details of VAR-202107-1649

ID

VAR-202107-1649

CVE

CVE-2021-27497

TITLE

Philips Vue PACS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-001551

DESCRIPTION

Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. Philips Vue PACS Contains an unspecified vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.71

sources: NVD: CVE-2021-27497 // JVNDB: JVNDB-2022-001551 // VULHUB: VHN-386764

AFFECTED PRODUCTS

vendor:	philips	model:	speech	scope:	lt	version:	12.2.8.0	Trust: 1.0
vendor:	philips	model:	vue pacs	scope:	lt	version:	12.2.8.0	Trust: 1.0
vendor:	philips	model:	vue motion	scope:	lt	version:	12.2.1.5	Trust: 1.0
vendor:	philips	model:	myvue	scope:	lt	version:	12.2.1.5	Trust: 1.0
vendor:	フィリップス	model:	vue speech	scope:	-	version:	-	Trust: 0.8
vendor:	フィリップス	model:	vue pacs	scope:	-	version:	-	Trust: 0.8
vendor:	フィリップス	model:	vue motion	scope:	-	version:	-	Trust: 0.8
vendor:	フィリップス	model:	vue myvue	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-001551 // NVD: CVE-2021-27497

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27497
value:	CRITICAL
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-27497
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-27497
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202107-235
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-386764
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-27497
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-386764
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-27497
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-27497
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	4.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-27497
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-386764 // JVNDB: JVNDB-2022-001551 // CNNVD: CNNVD-202107-235 // NVD: CVE-2021-27497 // NVD: CVE-2021-27497

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Other (CWE-Other) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-001551 // NVD: CVE-2021-27497

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-235

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202107-235

PATCH

title:

Philips Product Security Designed-In

url:

https://www.usa.philips.com/healthcare/about/customer-support/product-security

Trust: 0.8

sources: JVNDB: JVNDB-2022-001551

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27497	Trust: 3.3
db:	ICS CERT	id:	ICSMA-21-187-01	Trust: 2.5
db:	JVN	id:	JVNVU96012689	Trust: 0.8
db:	JVNDB	id:	JVNDB-2022-001551	Trust: 0.8
db:	CNNVD	id:	CNNVD-202107-235	Trust: 0.6
db:	VULHUB	id:	VHN-386764	Trust: 0.1

sources: VULHUB: VHN-386764 // JVNDB: JVNDB-2022-001551 // CNNVD: CNNVD-202107-235 // NVD: CVE-2021-27497

REFERENCES

url:	https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01	Trust: 2.5
url:	http://www.philips.com/productsecurity	Trust: 1.7
url:	https://jvn.jp/vu/jvnvu96012689/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27497	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-27497/	Trust: 0.6
url:	https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01	Trust: 0.6

sources: VULHUB: VHN-386764 // JVNDB: JVNDB-2022-001551 // CNNVD: CNNVD-202107-235 // NVD: CVE-2021-27497

CREDITS

Antonio Kulhanek reported CVE-2021-39369 to Philips. Philips reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202107-235

SOURCES

db:	VULHUB	id:	VHN-386764
db:	JVNDB	id:	JVNDB-2022-001551
db:	CNNVD	id:	CNNVD-202107-235
db:	NVD	id:	CVE-2021-27497

LAST UPDATE DATE

2024-08-14T12:39:55.626000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-386764	date:	2022-04-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-001551	date:	2022-04-18T07:32:00
db:	CNNVD	id:	CNNVD-202107-235	date:	2022-04-11T00:00:00
db:	NVD	id:	CVE-2021-27497	date:	2022-04-09T01:45:02.843

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-386764	date:	2022-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2022-001551	date:	2022-04-18T00:00:00
db:	CNNVD	id:	CNNVD-202107-235	date:	2021-07-06T00:00:00
db:	NVD	id:	CVE-2021-27497	date:	2022-04-01T23:15:09.267