CVE-2021-27493: Philips Vue PACS
First published: Fri Apr 01 2022(Updated: )
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Philips Myvue | <12.2.1.5 | |
| Philips Speech | <12.2.8.0 | |
| Philips Vue Motion | <12.2.1.5 | |
| Philips Vue PACS | <12.2.8.0 |
Remedy
Philips has released the following plans to address these vulnerabilities: Philips recommends configuring the Vue PACS environment per D000763414 – Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter. Philips will release Version 15 in Q1 / 2022 for PACS that remediates this issue and recommends contacting support. Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com) The Philips advisory is available. Please see the Philips product security website for the latest security information for Philips products.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-27493?
CVE-2021-27493 is a vulnerability found in Philips Vue PACS versions 12.2.x.x and prior that does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
What is the severity of CVE-2021-27493?
The severity of CVE-2021-27493 is medium, with a severity value of 6.5.
Which software versions are affected by CVE-2021-27493?
Philips Vue PACS versions 12.2.x.x and prior are affected by CVE-2021-27493.
How can I fix CVE-2021-27493?
To fix CVE-2021-27493, update your Philips Vue PACS software to versions 12.2.1.6 or later.
Where can I find more information about CVE-2021-27493?
You can find more information about CVE-2021-27493 on the official product security page of Philips (http://www.philips.com/productsecurity) and the advisory page of CISA (https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01).
- collector/nvd-index
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/references
- agent/title
- agent/severity
- agent/remedy
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/philips
- canonical/philips myvue
- canonical/philips speech
- canonical/philips vue motion
- canonical/philips vue pacs