Vulnerabilites related to Philips - Efficia CM Series
CVE-2021-43550 (GCVE-0-2021-43550)
Vulnerability from cvelistv5
Published
2021-12-27 18:48
Modified
2024-09-16 19:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Summary
The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ► | Philips | Efficia CM Series |
Version: 4.0 Version: A.01 < |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:03:08.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Efficia CM Series",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "4.0"
},
{
"lessThanOrEqual": "C.0x",
"status": "affected",
"version": "A.01",
"versionType": "custom"
}
]
},
{
"product": "Patient Information Center iX (PIC iX)",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "C.02"
},
{
"status": "affected",
"version": "C.03"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"
}
],
"datePublic": "2021-11-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-27T18:48:23",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02"
}
],
"source": {
"advisory": "ICSMA-21-322-02",
"discovery": "UNKNOWN"
},
"title": "Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of a Broken or Risky Cryptographic Algorithm",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2021-11-18T15:34:00.000Z",
"ID": "CVE-2021-43550",
"STATE": "PUBLIC",
"TITLE": "Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of a Broken or Risky Cryptographic Algorithm"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Efficia CM Series",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "A.01",
"version_value": "C.0x"
},
{
"version_affected": "=",
"version_value": "4.0"
}
]
}
},
{
"product_name": "Patient Information Center iX (PIC iX)",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "C.02"
},
{
"version_affected": "=",
"version_value": "C.03"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02",
"refsource": "MISC",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02"
}
]
},
"solution": [
{
"lang": "en"
}
],
"source": {
"advisory": "ICSMA-21-322-02",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-43550",
"datePublished": "2021-12-27T18:48:23.613762Z",
"dateReserved": "2021-11-08T00:00:00",
"dateUpdated": "2024-09-16T19:00:27.450Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}