CVE-2021-27493

Published: Apr 1, 2022Modified: Apr 17, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

Affected (4)

Products: Philips: Myvue, Speech, Vue Motion, Vue Pacs

4 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Philips Myvue	Before 12.2.1.5
Philips Speech	Before 12.2.8.0
Philips Vue Motion	Before 12.2.1.5
Philips Vue Pacs	Before 12.2.8.0

Related CWEs

Improper Neutralization

The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.

References (4)

http://www.philips.com/productsecurity

Source: ics-cert@hq.dhs.gov

Vendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

http://www.philips.com/productsecurity

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.