ID

VAR-202111-1714


CVE

CVE-2021-43548


TITLE

Input verification vulnerability in Patient Information Center iX

Trust: 0.8

sources: JVNDB: JVNDB-2021-017507

DESCRIPTION

Patient Information Center iX (PIC iX) versions C.02 and C.03 receive input or data, but do not validate, or incorrectly validate, that the input has the properties required to process the data safely and correctly.

Trust: 1.8

sources: NVD: CVE-2021-43548 // JVNDB: JVNDB-2021-017507 // VULHUB: VHN-405997 // VULMON: CVE-2021-43548

AFFECTED PRODUCTS

vendor: philips, model: patient information center ix, scope: eq, version: c.02

Trust: 1.0

vendor: philips, model: patient information center ix, scope: eq, version: c.03

Trust: 1.0

vendor: フィリップス, model: patient information center ix, scope: eq, version: c.03

Trust: 0.8

vendor: フィリップス, model: patient information center ix, scope: eq, version: -

Trust: 0.8

vendor: フィリップス, model: patient information center ix, scope: eq, version: c.02

Trust: 0.8

sources: JVNDB: JVNDB-2021-017507 // NVD: CVE-2021-43548

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-43548
value: MEDIUM

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-43548
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-43548
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202111-1569
value: MEDIUM

Trust: 0.6

VULHUB: VHN-405997
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-43548
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-405997
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-43548
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-43548
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-43548
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-405997 // JVNDB: JVNDB-2021-017507 // CNNVD: CNNVD-202111-1569 // NVD: CVE-2021-43548 // NVD: CVE-2021-43548

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Inappropriate input confirmation (CWE-20) [ others ]

Trust: 0.8

sources: VULHUB: VHN-405997 // JVNDB: JVNDB-2021-017507 // NVD: CVE-2021-43548

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202111-1569

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202111-1569

PATCH

title: Patient Information Center iX (PIC iX), url: https://www.usa.philips.com/healthcare/product/HCNOCTN171/patient-information-center-ix-pic-ix

Trust: 0.8

title: Philips Patient Information Center iX input validation error vulnerability fix, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170394

Trust: 0.6

sources: JVNDB: JVNDB-2021-017507 // CNNVD: CNNVD-202111-1569

EXTERNAL IDS

db: NVD, id: CVE-2021-43548

Trust: 3.4

db: ICS CERT, id: ICSMA-21-322-02

Trust: 2.6

db: JVNDB, id: JVNDB-2021-017507

Trust: 0.8

db: AUSCERT, id: ESB-2021.3947

Trust: 0.6

db: CS-HELP, id: SB2021111903

Trust: 0.6

db: CNNVD, id: CNNVD-202111-1569

Trust: 0.6

db: VULHUB, id: VHN-405997

Trust: 0.1

db: VULMON, id: CVE-2021-43548

Trust: 0.1

sources: VULHUB: VHN-405997 // VULMON: CVE-2021-43548 // JVNDB: JVNDB-2021-017507 // CNNVD: CNNVD-202111-1569 // NVD: CVE-2021-43548

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02

Trust: 2.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-43548

Trust: 1.4

url:https://www.cybersecurity-help.cz/vdb/sb2021111903

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.3947

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsma-21-322-02

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-405997 // VULMON: CVE-2021-43548 // JVNDB: JVNDB-2021-017507 // CNNVD: CNNVD-202111-1569 // NVD: CVE-2021-43548

CREDITS

Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks reported these vulnerabilities to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202111-1569

SOURCES

db: VULHUB, id: VHN-405997
db: VULMON, id: CVE-2021-43548
db: JVNDB, id: JVNDB-2021-017507
db: CNNVD, id: CNNVD-202111-1569
db: NVD, id: CVE-2021-43548

LAST UPDATE DATE

2024-08-14T14:11:10.646000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-405997, date: 2022-01-12T00:00:00
db: VULMON, id: CVE-2021-43548, date: 2021-12-27T00:00:00
db: JVNDB, id: JVNDB-2021-017507, date: 2023-01-24T04:30:00
db: CNNVD, id: CNNVD-202111-1569, date: 2022-01-13T00:00:00
db: NVD, id: CVE-2021-43548, date: 2022-01-12T13:30:28.117

SOURCES RELEASE DATE

db: VULHUB, id: VHN-405997, date: 2021-12-27T00:00:00
db: VULMON, id: CVE-2021-43548, date: 2021-12-27T00:00:00
db: JVNDB, id: JVNDB-2021-017507, date: 2023-01-24T00:00:00
db: CNNVD, id: CNNVD-202111-1569, date: 2021-11-18T00:00:00
db: NVD, id: CVE-2021-43548, date: 2021-12-27T19:15:08.437