CVE-2023-40704
6.8
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Philips | Vue PACS | 0 < 12.2.8.410 | affected |
Weaknesses
- CWE-1392: CWE-1392 Use of Default Credentials
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01
- http://www.philips.com/productsecurity
References
- https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01
- http://www.philips.com/productsecurity
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.