ID

VAR-202111-1712


CVE

CVE-2021-43552


TITLE

Patient Information Center iX Vulnerability related to the use of hard-coded encryption keys in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017487

DESCRIPTION

The use of a hard-coded cryptographic key significantly increases the possibility that encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.

Trust: 1.8

sources: NVD: CVE-2021-43552 // JVNDB: JVNDB-2021-017487 // VULHUB: VHN-406001 // VULMON: CVE-2021-43552

AFFECTED PRODUCTS

vendor: philips, model: patient information center ix, scope: eq, version: c.02

Trust: 1.0

vendor: philips, model: patient information center ix, scope: eq, version: b.02

Trust: 1.0

vendor: philips, model: patient information center ix, scope: eq, version: c.03

Trust: 1.0

vendor: フィリップス, model: patient information center ix, scope: eq, version: c.03

Trust: 0.8

vendor: フィリップス, model: patient information center ix, scope: eq, version: c.02

Trust: 0.8

vendor: フィリップス, model: patient information center ix, scope: eq, version: -

Trust: 0.8

vendor: フィリップス, model: patient information center ix, scope: eq, version: b.02

Trust: 0.8

sources: JVNDB: JVNDB-2021-017487 // NVD: CVE-2021-43552

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-43552
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-43552
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-43552
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202111-1571
value: MEDIUM

Trust: 0.6

VULHUB: VHN-406001
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-43552
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-406001
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-43552
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-43552
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 4.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-43552
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-406001 // JVNDB: JVNDB-2021-017487 // CNNVD: CNNVD-202111-1571 // NVD: CVE-2021-43552 // NVD: CVE-2021-43552

PROBLEMTYPE DATA

problemtype:CWE-321

Trust: 1.1

problemtype:Using hardcoded encryption keys (CWE-321) [ others ]

Trust: 0.8

sources: VULHUB: VHN-406001 // JVNDB: JVNDB-2021-017487 // NVD: CVE-2021-43552

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202111-1571

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-1571

PATCH

title: Patient Information Center iX (PIC iX), url: https://www.usa.philips.com/healthcare/product/HCNOCTN171/patient-information-center-ix-pic-ix

Trust: 0.8

title: Philips Patient Information Center iX Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170706

Trust: 0.6

sources: JVNDB: JVNDB-2021-017487 // CNNVD: CNNVD-202111-1571

EXTERNAL IDS

db: NVD, id: CVE-2021-43552

Trust: 3.4

db: ICS CERT, id: ICSMA-21-322-02

Trust: 2.6

db: JVNDB, id: JVNDB-2021-017487

Trust: 0.8

db: AUSCERT, id: ESB-2021.3947

Trust: 0.6

db: CS-HELP, id: SB2021111904

Trust: 0.6

db: CNNVD, id: CNNVD-202111-1571

Trust: 0.6

db: VULHUB, id: VHN-406001

Trust: 0.1

db: VULMON, id: CVE-2021-43552

Trust: 0.1

sources: VULHUB: VHN-406001 // VULMON: CVE-2021-43552 // JVNDB: JVNDB-2021-017487 // CNNVD: CNNVD-202111-1571 // NVD: CVE-2021-43552

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-43552

Trust: 1.4

url:https://www.auscert.org.au/bulletins/esb-2021.3947

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021111904

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsma-21-322-02

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/321.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-406001 // VULMON: CVE-2021-43552 // JVNDB: JVNDB-2021-017487 // CNNVD: CNNVD-202111-1571 // NVD: CVE-2021-43552

CREDITS

Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202111-1571

SOURCES

db: VULHUB, id: VHN-406001
db: VULMON, id: CVE-2021-43552
db: JVNDB, id: JVNDB-2021-017487
db: CNNVD, id: CNNVD-202111-1571
db: NVD, id: CVE-2021-43552

LAST UPDATE DATE

2024-08-14T14:11:10.617000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-406001, date: 2022-01-12T00:00:00
db: VULMON, id: CVE-2021-43552, date: 2021-12-27T00:00:00
db: JVNDB, id: JVNDB-2021-017487, date: 2023-01-23T05:00:00
db: CNNVD, id: CNNVD-202111-1571, date: 2022-01-13T00:00:00
db: NVD, id: CVE-2021-43552, date: 2022-01-12T13:59:59.737

SOURCES RELEASE DATE

db: VULHUB, id: VHN-406001, date: 2021-12-27T00:00:00
db: VULMON, id: CVE-2021-43552, date: 2021-12-27T00:00:00
db: JVNDB, id: JVNDB-2021-017487, date: 2023-01-23T00:00:00
db: CNNVD, id: CNNVD-202111-1571, date: 2021-11-18T00:00:00
db: NVD, id: CVE-2021-43552, date: 2021-12-27T19:15:08.557