What is CVE-2021-33024?

CVE-2021-33024 is a vulnerability in Philips Vue PACS versions 12.2.x.x and prior that allows for unauthorized interception or retrieval of authentication credentials.

What is the severity of CVE-2021-33024?

CVE-2021-33024 has a severity level of high, with a CVSS score of 7.5.

Which software versions are affected by CVE-2021-33024?

Philips Vue PACS versions 12.2.x.x and prior, Philips Myvue, Philips Speech, and Philips Vue Motion are affected by CVE-2021-33024.

How can an attacker exploit CVE-2021-33024?

An attacker can exploit CVE-2021-33024 by intercepting or retrieving authentication credentials stored or transmitted by vulnerable versions of Philips Vue PACS.

Are there any references for CVE-2021-33024?

Yes, you can find more information about CVE-2021-33024 on the Philips product security page and the US-CERT ICS Advisory page.

Vulnerability/
CVE-2021-33024

high

7.5

CWE

522

1/4/2022

3/8/2024

CVE-2021-33024: Philips Vue PACS Insufficiently Protected Credentials

First published: Fri Apr 01 2022(Updated: )

Philips Vue PACS versions 12.2.x.x and prior transmits or stores authentication credentials, but it uses an insecure method susceptible to unauthorized interception and/or retrieval.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Philips Myvue	<12.2.1.5
Philips Speech	<12.2.8.0
Philips Vue Motion	<12.2.1.5
Philips Vue PACS	<12.2.8.0

Remedy

Philips has released the following plans to address these vulnerabilities: Philips recommends configuring the Vue PACS environment per D000763414 – Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter. Philips will release Version 15 in Q1 / 2022 for PACS to remediate this issue and recommends contacting support. Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact a Philips Sales representative or submit a quote request in the eService portal at: Login - eService (philips.com) The Philips advisory is available. Please see the Philips product security website for the latest security information for Philips products.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-33024?
CVE-2021-33024 is a vulnerability in Philips Vue PACS versions 12.2.x.x and prior that allows for unauthorized interception or retrieval of authentication credentials.
What is the severity of CVE-2021-33024?
CVE-2021-33024 has a severity level of high, with a CVSS score of 7.5.
Which software versions are affected by CVE-2021-33024?
Philips Vue PACS versions 12.2.x.x and prior, Philips Myvue, Philips Speech, and Philips Vue Motion are affected by CVE-2021-33024.
How can an attacker exploit CVE-2021-33024?
An attacker can exploit CVE-2021-33024 by intercepting or retrieving authentication credentials stored or transmitted by vulnerable versions of Philips Vue PACS.
Are there any references for CVE-2021-33024?
Yes, you can find more information about CVE-2021-33024 on the Philips product security page and the US-CERT ICS Advisory page.

collector/nvd-index
agent/references
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/author
agent/remedy
agent/severity
agent/title
agent/softwarecombine
agent/type
agent/description
agent/first-publish-date
agent/event
agent/tags
vendor/philips
canonical/philips myvue
canonical/philips speech
canonical/philips vue motion
canonical/philips vue pacs

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.