What is the severity of CVE-2023-40159?

CVE-2023-40159 has been rated with a medium severity, indicating potential risks to sensitive information.

Who is affected by CVE-2023-40159?

CVE-2023-40159 affects users of Philips Vue PACS versions prior to 12.2.8.410 who are not explicitly authorized for certain sensitive information access.

How do I fix CVE-2023-40159?

To mitigate CVE-2023-40159, it is recommended to upgrade to Philips Vue PACS version 12.2.8.410 or later.

What can an attacker achieve with CVE-2023-40159?

An attacker exploiting CVE-2023-40159 may gain unauthorized access to sensitive information within Philips Vue PACS on the same network.

Is there a patch available for CVE-2023-40159?

Yes, Philips has released a patch for CVE-2023-40159 to address the vulnerabilities in the affected versions.

Vulnerability/
CVE-2023-40159

high

8.8

CWE

200

18/7/2024

5/9/2024

CVE-2023-40159: Philips Vue PACS Exposure of Sensitive Information to an Unauthorized Actor

First published: Thu Jul 18 2024(Updated: )

A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.

Credit: ics-cert@hq.dhs.gov

Affected Software	Affected Version	How to fix
Philips Isite PACS	<12.2.8.410

Remedy

Philips recommends upgrading to the latest Vue PACS version 12.2.8.400* released in August 2023. For managed services customers, new releases will be made available upon resource availability. Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact their local Philips Sales representative or submit a request in the Philips Informatics Support portal https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/www.informatics.support.philips.com/csm . Refer to the Philips advisory http://www.philips.com/productsecurity for more details.

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-40159?
CVE-2023-40159 has been rated with a medium severity, indicating potential risks to sensitive information.
Who is affected by CVE-2023-40159?
CVE-2023-40159 affects users of Philips Vue PACS versions prior to 12.2.8.410 who are not explicitly authorized for certain sensitive information access.
How do I fix CVE-2023-40159?
To mitigate CVE-2023-40159, it is recommended to upgrade to Philips Vue PACS version 12.2.8.410 or later.
What can an attacker achieve with CVE-2023-40159?
An attacker exploiting CVE-2023-40159 may gain unauthorized access to sensitive information within Philips Vue PACS on the same network.
Is there a patch available for CVE-2023-40159?
Yes, Philips has released a patch for CVE-2023-40159 to address the vulnerabilities in the affected versions.

agent/title
agent/remedy
agent/references
agent/weakness
agent/first-publish-date
agent/type
agent/description
agent/author
agent/event
collector/mitre-cve
source/MITRE
agent/severity
agent/softwarecombine
agent/last-modified-date
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/philips
canonical/philips isite pacs

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.