C.03

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

philips

CWE-321

NVD

Published: 2021-12-27

Updated: 2022-01-12

Summary

The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from the Patient Information Center iX (PIC iX) Versions B.02, C.02, and C.03.

Vulnerable Configurations

Part	Description	Count
Application	Philips Philips Patient Information Center IX B.02 Philips Patient Information Center IX C.02 Philips Patient Information Center IX C.03	3

Common Weakness Enumeration (CWE)

CWE-321 - Use of Hard-coded Cryptographic Key

References

https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02