What is the severity of CVE-2021-27501?

The severity of CVE-2021-27501 is critical with a score of 9.8.

Which versions of Philips Vue PACS are affected by CVE-2021-27501?

Philips Vue PACS versions 12.2.x.x and prior are affected by CVE-2021-27501.

What are the affected software products related to CVE-2021-27501?

The affected software products related to CVE-2021-27501 include Philips Myvue, Philips Speech, Philips Vue Motion, and Philips Vue PACS.

What coding rule does Philips Vue PACS versions 12.2.x.x and prior not follow?

Philips Vue PACS versions 12.2.x.x and prior do not follow certain coding rules for development.

Are there any references available for CVE-2021-27501?

Yes, references for CVE-2021-27501 can be found at the following links: http://www.philips.com/productsecurity and https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01.

Vulnerability/
CVE-2021-27501

critical

9.8

CWE

710

1/4/2022

3/8/2024

CVE-2021-27501: Philips Vue PACS Improper Adherence to Coding Standards

First published: Fri Apr 01 2022(Updated: )

Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to resultant weaknesses or increase the severity of the associated vulnerabilities.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Philips Myvue	<12.2.1.5
Philips Speech	<12.2.8.0
Philips Vue Motion	<12.2.1.5
Philips Vue PACS	<12.2.8.0

Remedy

Philips has released the following plans to address these vulnerabilities: Philips recommends configuring the Vue PACS environment per D000763414 – Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter. Philips will release Version 15 in Q1 / 2022 for Speech to remediate this issue and recommends contacting support. Philips will release Version 15 in Q1 / 2022 for MyVue to remediate this issue and recommends contacting support. Philips will release Version 15 in Q1 / 2022 for PACS to remediate this issue and recommends contacting support. Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com) The Philips advisory is available. Please see the Philips product security website for the latest security information for Philips products.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-27501?
The severity of CVE-2021-27501 is critical with a score of 9.8.
Which versions of Philips Vue PACS are affected by CVE-2021-27501?
Philips Vue PACS versions 12.2.x.x and prior are affected by CVE-2021-27501.
What are the affected software products related to CVE-2021-27501?
The affected software products related to CVE-2021-27501 include Philips Myvue, Philips Speech, Philips Vue Motion, and Philips Vue PACS.
What coding rule does Philips Vue PACS versions 12.2.x.x and prior not follow?
Philips Vue PACS versions 12.2.x.x and prior do not follow certain coding rules for development.
Are there any references available for CVE-2021-27501?
Yes, references for CVE-2021-27501 can be found at the following links: http://www.philips.com/productsecurity and https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01.

collector/nvd-index
agent/type
agent/references
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/weakness
agent/title
agent/severity
agent/remedy
agent/description
agent/softwarecombine
agent/event
agent/first-publish-date
agent/tags
vendor/philips
canonical/philips myvue
canonical/philips speech
canonical/philips vue motion
canonical/philips vue pacs