ID

VAR-202111-1710


CVE

CVE-2021-43550


TITLE

Vulnerability in the use of cryptographic algorithms in Patient Information Center iX and Efficia CM Series

Trust: 0.8

sources: JVNDB: JVNDB-2021-017506

DESCRIPTION

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.

Trust: 1.8

sources: NVD: CVE-2021-43550 // JVNDB: JVNDB-2021-017506 // VULHUB: VHN-405999 // VULMON: CVE-2021-43550

AFFECTED PRODUCTS

vendor: philips
model: patient information center ix
scope: eq
version: c.02

Trust: 1.0

vendor: philips
model: patient information center ix
scope: eq
version: c.03

Trust: 1.0

vendor: philips
model: efficia cm
scope: eq
version: 4.0

Trust: 1.0

vendor: philips
model: efficia cm
scope: lte
version: c.0x

Trust: 1.0

vendor: philips
model: efficia cm
scope: gte
version: a.01

Trust: 1.0

vendor: Philips
model: patient information center ix
scope: -
version: -

Trust: 0.8

vendor: Philips
model: efficia cm
scope: -
version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-017506 // NVD: CVE-2021-43550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43550
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-43550
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-43550
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202111-1573
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405999
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-43550
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-405999
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-43550
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-43550
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: ADJACENT
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-43550
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405999 // JVNDB: JVNDB-2021-017506 // CNNVD: CNNVD-202111-1573 // NVD: CVE-2021-43550 // NVD: CVE-2021-43550

PROBLEMTYPE DATA

problemtype:CWE-327

Trust: 1.1

problemtype:Use of incomplete or dangerous cryptographic algorithms (CWE-327) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-405999 // JVNDB: JVNDB-2021-017506 // NVD: CVE-2021-43550

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202111-1573

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202111-1573

PATCH

title: Patient Information Center iX (PIC iX) Philips
url: https://www.usa.philips.com/healthcare/product/HCNOCTN171/patient-information-center-ix-pic-ix

Trust: 0.8

title: Philips Patient Information Center iX Fixes for encryption problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170398

Trust: 0.6

sources: JVNDB: JVNDB-2021-017506 // CNNVD: CNNVD-202111-1573

EXTERNAL IDS

db: NVD
id: CVE-2021-43550

Trust: 3.4

db: ICS CERT
id: ICSMA-21-322-02

Trust: 2.6

db: JVNDB
id: JVNDB-2021-017506

Trust: 0.8

db: AUSCERT
id: ESB-2021.3947

Trust: 0.6

db: CS-HELP
id: SB2021111904

Trust: 0.6

db: CNNVD
id: CNNVD-202111-1573

Trust: 0.6

db: VULHUB
id: VHN-405999

Trust: 0.1

db: VULMON
id: CVE-2021-43550

Trust: 0.1

sources: VULHUB: VHN-405999 // VULMON: CVE-2021-43550 // JVNDB: JVNDB-2021-017506 // CNNVD: CNNVD-202111-1573 // NVD: CVE-2021-43550

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-43550

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.3947

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111904

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsma-21-322-02

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-405999 // VULMON: CVE-2021-43550 // JVNDB: JVNDB-2021-017506 // CNNVD: CNNVD-202111-1573 // NVD: CVE-2021-43550

CREDITS

Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202111-1573

SOURCES

db: VULHUB, id: VHN-405999
db: VULMON, id: CVE-2021-43550
db: JVNDB, id: JVNDB-2021-017506
db: CNNVD, id: CNNVD-202111-1573
db: NVD, id: CVE-2021-43550

LAST UPDATE DATE

2024-08-14T14:11:10.588000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405999, date: 2022-01-12T00:00:00
db: VULMON, id: CVE-2021-43550, date: 2021-12-27T00:00:00
db: JVNDB, id: JVNDB-2021-017506, date: 2023-01-24T03:25:00
db: CNNVD, id: CNNVD-202111-1573, date: 2022-01-13T00:00:00
db: NVD, id: CVE-2021-43550, date: 2022-01-12T13:48:58.003

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405999, date: 2021-12-27T00:00:00
db: VULMON, id: CVE-2021-43550, date: 2021-12-27T00:00:00
db: JVNDB, id: JVNDB-2021-017506, date: 2023-01-24T00:00:00
db: CNNVD, id: CNNVD-202111-1573, date: 2021-11-18T00:00:00
db: NVD, id: CVE-2021-43550, date: 2021-12-27T19:15:08.500