CVE-2023-40704: Philips Vue PACS Use of Default Credentials
First published: Thu Jul 18 2024(Updated: )
Philips Vue PACS uses default credentials for potentially critical functionality.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Philips Isite PACS | <12.2.8.410 |
Remedy
Philips recommends the following mitigations: * For CVE-2021-28165, Philips recommends configuring the Vue PACS environment per D000763414 – Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter https://incenter.medical.philips.com/Default.aspx . Vue PACS version 12.2.8.410* released in October 2023 prevents this vulnerability. * For CVE-2023-40704, Philips recommends no action needed due to low risk of exploitability, but customers can request that Philips update database password(s). For managed services users, new releases will be made available upon resource availability. Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact their local Philips sales representative or submit a request in the Philips Informatics Support portal https://www.informatics.support.philips.com/csm . Refer to the Philips advisory https://www.philips.com/productsecurity for more details.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-40704?
CVE-2023-40704 is considered a critical vulnerability due to the use of default credentials in Philips Vue PACS.
How do I fix CVE-2023-40704?
To fix CVE-2023-40704, replace the default credentials with strong, unique passwords for all accounts within Philips Vue PACS.
Which versions of Philips Vue PACS are affected by CVE-2023-40704?
CVE-2023-40704 affects all versions of Philips Vue PACS up to and including version 12.2.8.410.
What impact does CVE-2023-40704 have on Philips Vue PACS?
CVE-2023-40704 allows unauthorized access to potentially critical functionality within Philips Vue PACS due to default credential usage.
Is there a way to check if my Philips Vue PACS is vulnerable to CVE-2023-40704?
To check for CVE-2023-40704 vulnerabilities, review the authentication settings for default credentials in your Philips Vue PACS installation.
- agent/remedy
- agent/weakness
- agent/title
- agent/type
- agent/references
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/softwarecombine
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/philips
- canonical/philips isite pacs