Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Vue_pacs
(Philips)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 12 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-01 | CVE-2021-27501 | Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities. | Myvue, Speech, Vue_motion, Vue_pacs | 9.8 | ||
| 2022-04-01 | CVE-2021-33018 | The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary risk that may result in the exposure of sensitive information. | Myvue, Speech, Vue_motion, Vue_pacs | 7.5 | ||
| 2022-04-01 | CVE-2021-33022 | Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | Myvue, Speech, Vue_motion, Vue_pacs | 7.5 | ||
| 2022-04-01 | CVE-2021-33024 | Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval. | Myvue, Speech, Vue_motion, Vue_pacs | 7.5 | ||
| 2022-04-01 | CVE-2021-33020 | Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key. | Myvue, Speech, Vue_motion, Vue_pacs | 7.5 | ||
| 2022-12-26 | CVE-2021-39369 | In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by authenticated users to access files stored outside of the web root. | Myvue, Speech, Vue_motion, Vue_pacs | 6.5 | ||
| 2024-07-18 | CVE-2023-40539 | Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts. | Vue_pacs | 5.9 | ||
| 2024-07-18 | CVE-2023-40704 | Philips Vue PACS uses default credentials for potentially critical functionality. | Vue_pacs | 9.8 | ||
| 2024-07-18 | CVE-2023-40223 | Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor. | Vue_pacs | 8.8 | ||
| 2024-07-18 | CVE-2023-40159 | A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information. | Vue_pacs | 6.5 |