FKIE_CVE-2021-27456
Vulnerability from fkie_nvd - Published: 2022-03-23 20:15 - Updated: 2024-11-21 05:58
Severity ?
2.4 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2.4 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
2.4 (Low) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
References
| URL | Tags | ||
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.philips.com/productsecurity | Product | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.philips.com/productsecurity | Product |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phillips:gemini_882300_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B0D53F26-1CDB-4285-B8B2-19FF9A99696F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phillips:gemini_882300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E8309DAF-F77E-4000-934B-D88E3CA9F970",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phillips:gemini_882160_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B1AFEDFD-164C-4A6E-A7C4-5102C4F7F9BD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phillips:gemini_882160:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F56BAAE-C4EC-4D35-8389-17BD371FB148",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phillips:gemini_882400_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03D6F895-4605-41AD-A070-DE2153140F2B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phillips:gemini_882400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82EB90AC-1294-4F45-9E06-C8BDE1799891",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phillips:gemini_882390_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB6CBF1A-F22F-4EF2-85BD-EF3F7B0630C2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phillips:gemini_882390:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D43E2A9C-50C3-4D0C-86A5-A2A85CC1471D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phillips:gemini_882410_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6BFD9549-CEF4-4660-B25D-8B75E45F0647",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phillips:gemini_882410:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A760D18-A531-4B7A-8761-8CD176D634E5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phillips:gemini_882412_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "368682F9-3DF2-43EC-A11E-303AF266B17A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phillips:gemini_882412:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5F386C1D-2BDD-42E2-9518-121EF5EA9C52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phillips:gemini_882473_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA98781-6CC4-4536-8169-FAC7A8DAC32F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phillips:gemini_882473:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8F99A833-9F49-4A41-AD1E-7CBF8B86D721",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phillips:gemini_882470_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B6DF5584-736E-460A-924B-3B9DEF4D3557",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phillips:gemini_882470:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECEBE228-C5CE-4BE7-9784-4D9535999764",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phillips:gemini_882471_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66CF4FC6-336F-43BA-8584-AB1FC4A9D885",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phillips:gemini_882471:-:*:*:*:*:*:*:*",
"matchCriteriaId": "999C9C95-83F8-4A4D-86DB-6FBA7C07AD4E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phillips:gemini_882476_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "38EF38D4-235F-4195-9BFA-21174EDDB0AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phillips:gemini_882476:-:*:*:*:*:*:*:*",
"matchCriteriaId": "56F74A78-104B-4580-94F8-A86F1877055F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phillips:truflight_882438_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E14D7B-34E8-46FB-9D86-E92F6F7DD7D9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:phillips:truflight_882438:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4F3B93D1-9A74-4F75-934A-48013D9BCBEA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control."
},
{
"lang": "es",
"value": "El software de la familia Philips Gemini PET/CT, almacena informaci\u00f3n confidencial en un dispositivo de medios extra\u00edbles que no presenta un control de acceso incorporado"
}
],
"id": "CVE-2021-27456",
"lastModified": "2024-11-21T05:58:01.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-03-23T20:15:08.643",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Product"
],
"url": "https://www.philips.com/productsecurity"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://www.philips.com/productsecurity"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-921"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-922"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…