high
8.2
CWE
672 324
Advisory Published
Updated

CVE-2021-33020: Philips Vue PACS Use of a Key Past its Expiration Date

First published: Fri Apr 01 2022(Updated: )

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

Credit: ics-cert@hq.dhs.gov

Affected SoftwareAffected VersionHow to fix
Philips Myvue<12.2.1.5
Philips Speech<12.2.8.0
Philips Vue Motion<12.2.1.5
Philips Vue PACS<12.2.8.0

Remedy

Philips has released the following plans to address these vulnerabilities: Philips recommends configuring the Vue PACS environment per D000763414 – Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter. Philips released Version 12.2.1.5 in June of 2020 for Vue Motion to remediate this issue and recommends contacting support. Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com) The Philips advisory is available. Please see the Philips product security website for the latest security information for Philips products.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is CVE-2021-33020?

    CVE-2021-33020 refers to a vulnerability in Philips Vue PACS versions 12.2.x.x and prior, where a cryptographic key or password is used past its expiration date, increasing the timing window for cracking attacks.

  • How does CVE-2021-33020 affect Philips Vue PACS?

    CVE-2021-33020 affects Philips Vue PACS versions 12.2.x.x and prior by diminishing its safety significantly and increasing the risk of cracking attacks against the expired cryptographic key or password.

  • What is the severity of CVE-2021-33020?

    CVE-2021-33020 has a severity rating of high with a CVSS score of 7.5.

  • How can I fix CVE-2021-33020?

    To fix CVE-2021-33020, it is recommended to update Philips Vue PACS to a version beyond 12.2.x.x and replace the expired cryptographic key or password with a new one.

  • Where can I find more information about CVE-2021-33020?

    More information about CVE-2021-33020 can be found on the Philips Product Security website and the CISA advisory.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203