CVE-2021-43552 - OpenCVE

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Philips	Patient Information Center Ix

Configuration 1 [-]

OR	cpe:2.3:a:philips:patient_information_center_ix:b.02:::::::*
	cpe:2.3:a:philips:patient_information_center_ix:c.02:::::::*
	cpe:2.3:a:philips:patient_information_center_ix:c.03:::::::*

No data.

References

Link	Providers
https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02

History

No history.

MITRE

Status: PUBLISHED

Assigner: icscert

Published: 2021-12-27T18:48:22.163893Z

Updated: 2024-09-17T00:16:34.580Z

Reserved: 2021-11-08T00:00:00

Link: CVE-2021-43552

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-12-27T19:15:08.557

Modified: 2022-01-12T13:59:59.737

Link: CVE-2021-43552

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Patient Information Center iX (PIC iX)", "vendor": "Philips", "versions": [{"status": "affected", "version": "C.02"}, {"status": "affected", "version": "C.03"}, {"status": "affected", "version": "B.02"}]}], "credits": [{"lang": "en", "value": "Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"}], "datePublic": "2021-11-18T00:00:00", "descriptions": [{"lang": "en", "value": "The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-12-27T18:48:22", "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "shortName": "icscert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02"}], "source": {"advisory": "ICSMA-21-322-02", "discovery": "UNKNOWN"}, "title": "Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of Hard-coded Cryptographic Key", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "ics-cert@hq.dhs.gov", "DATE_PUBLIC": "2021-11-18T15:34:00.000Z", "ID": "CVE-2021-43552", "STATE": "PUBLIC", "TITLE": "Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of Hard-coded Cryptographic Key"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Patient Information Center iX (PIC iX)", "version": {"version_data": [{"version_affected": "=", "version_value": "C.02"}, {"version_affected": "=", "version_value": "C.03"}, {"version_affected": "=", "version_value": "B.02"}]}}]}, "vendor_name": "Philips"}]}}, "credit": [{"lang": "eng", "value": "Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-321 Use of Hard-coded Cryptographic Key"}]}]}, "references": {"reference_data": [{"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02", "refsource": "MISC", "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02"}]}, "solution": [{"lang": "en"}], "source": {"advisory": "ICSMA-21-322-02", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T04:03:07.936Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02"}]}]}, "cveMetadata": {"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", "assignerShortName": "icscert", "cveId": "CVE-2021-43552", "datePublished": "2021-12-27T18:48:22.163893Z", "dateReserved": "2021-11-08T00:00:00", "dateUpdated": "2024-09-17T00:16:34.580Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:philips:patient_information_center_ix:b.02:*:*:*:*:*:*:*", "matchCriteriaId": "C4FA1FEC-5139-48C1-856C-8062436AE6C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*", "matchCriteriaId": "F3220AB2-AC0D-4AC2-90D8-76C02FC693EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*", "matchCriteriaId": "AE1FB3E9-E269-434A-B1C2-D54C40F437BE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03."}, {"lang": "es", "value": "El uso de una clave criptogr\u00e1fica embebida aumenta significativamente la posibilidad de que los datos encriptados puedan ser recuperados de Patient Information Center iX (PIC iX) Versiones B.02, C.02 y C.03"}], "id": "CVE-2021-43552", "lastModified": "2022-01-12T13:59:59.737", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "ics-cert@hq.dhs.gov", "type": "Secondary"}]}, "published": "2021-12-27T19:15:08.557", "references": [{"source": "ics-cert@hq.dhs.gov", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02"}], "sourceIdentifier": "ics-cert@hq.dhs.gov", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-321"}], "source": "ics-cert@hq.dhs.gov", "type": "Primary"}]}