Vulnerabilities > CVE-2021-33020 - Operation on a Resource after Expiration or Release vulnerability in Philips products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

philips

CWE-672

NVD

Published: 2022-04-01

Updated: 2023-07-07

Summary

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

Vulnerable Configurations

Part	Description	Count
Application	Philips Philips VUE Pacs - Philips VUE Motion * Philips Speech - Philips Myvue -	4

Common Weakness Enumeration (CWE)

CWE-672 - Operation on a Resource after Expiration or Release

References

http://www.philips.com/productsecurity
https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01