Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-14247 Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
Fixes

Solution

Philips has released the following plans to address these vulnerabilities: Philips recommends configuring the Vue PACS environment per D000763414 – Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter. Philips will release Version 15 in Q1 / 2022 for PACS that remediates this issue and recommends contacting support. Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com) The Philips advisory is available. Please see the Philips product security website for the latest security information for Philips products.


Workaround

No workaround given by the vendor.

History

Thu, 17 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-707
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: icscert

Published:

Updated: 2025-04-17T15:51:19.901Z

Reserved: 2021-02-19T00:00:00.000Z

Link: CVE-2021-27493

cve-icon Vulnrichment

Updated: 2024-08-03T21:26:09.120Z

cve-icon NVD

Status : Modified

Published: 2022-04-01T23:15:09.207

Modified: 2025-04-17T16:15:22.950

Link: CVE-2021-27493

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.