Detections
Analytics

CVE-2023-40704

medium

Description

The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity.

References

https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01

https://www.hipaajournal.com/cisa-issues-alert-about-multiple-philips-vue-pacs-vulnerabilities/

http://www.philips.com/productsecurity

Details

Source: Mitre, NVD

Published: 2024-07-18

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

CVSS v4

Base Score: 5.7

Vector: CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00067