CVE-2023-40539 : Philips Vue PACS does not require that users have strong passwords, which could

Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts.

Published 2024-07-18 17:15:04

Updated 2024-09-05 21:14:36

Source ICS-CERT

View at NVD, CVE.org

Products affected by CVE-2023-40539

Philips » Vue Pacs
Versions before (<) 12.2.8.410
cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 22 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.4	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	1.8	2.5	ICS-CERT	2024-07-18
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: None
5.9	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N	2.2	3.6	NIST	2024-09-05
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
4.8	MEDIUM	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/V...	N/A	N/A	ICS-CERT	2024-07-18
Attack Vector: Local Attack Complexity: Low Attack Requirements: None Privileges Required: Low User Interaction: None Confidentiality (VC): Low Integrity (VI): Low Availability (VA): None

CWE-521 Weak Password Requirements

The product does not require that users should have strong passwords, which makes it easier for attackers to compromise user accounts.

Assigned by: ics-cert@hq.dhs.gov (Primary)

Jump to