Vulnerabilites related to philips - mri_1.5t_firmware
Vulnerability from fkie_nvd
Published
2021-11-19 19:15
Modified
2024-11-21 06:28
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.usa.philips.com/healthcare/about/customer-support/product-security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.usa.philips.com/healthcare/about/customer-support/product-security | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| philips | mri_1.5t_firmware | * | |
| philips | mri_1.5t | - | |
| philips | mri_3t_firmware | * | |
| philips | mri_3t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:mri_1.5t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B195E6-DBA3-44A1-ACD4-4961F62C0B5C",
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:mri_1.5t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27C345BC-B71C-4EA3-A7FD-07354F2D9375",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:mri_3t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E28B57-F160-4463-A019-01C016729B87",
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:mri_3t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D61A1A34-1132-47AC-9BBB-06537D59C9FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access."
},
{
"lang": "es",
"value": "Philips MRI 1.5T y MRI 3T versi\u00f3n 5.x.x, expone informaci\u00f3n confidencial a un actor no autorizado expl\u00edcitamente a tener acceso"
}
],
"id": "CVE-2021-42744",
"lastModified": "2024-11-21T06:28:05.130",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-19T19:15:09.147",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-19 19:15
Modified
2024-11-21 05:55
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.usa.philips.com/healthcare/about/customer-support/product-security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.usa.philips.com/healthcare/about/customer-support/product-security | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| philips | mri_3t_firmware | * | |
| philips | mri_3t | - | |
| philips | mri_1.5t_firmware | * | |
| philips | mri_1.5t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:mri_3t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E28B57-F160-4463-A019-01C016729B87",
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:mri_3t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D61A1A34-1132-47AC-9BBB-06537D59C9FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:mri_1.5t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B195E6-DBA3-44A1-ACD4-4961F62C0B5C",
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:mri_1.5t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27C345BC-B71C-4EA3-A7FD-07354F2D9375",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource."
},
{
"lang": "es",
"value": "Philips MRI 1.5T y MRI 3T versi\u00f3n 5.x.x, asigna a un recurso un propietario que est\u00e1 fuera de la esfera de control prevista"
}
],
"id": "CVE-2021-26248",
"lastModified": "2024-11-21T05:55:58.747",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-19T19:15:08.627",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-708"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-19 19:15
Modified
2024-11-21 05:56
Severity ?
6.2 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| ics-cert@hq.dhs.gov | https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01 | Third Party Advisory, US Government Resource | |
| ics-cert@hq.dhs.gov | https://www.usa.philips.com/healthcare/about/customer-support/product-security | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.usa.philips.com/healthcare/about/customer-support/product-security | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| philips | mri_3t_firmware | * | |
| philips | mri_3t | - | |
| philips | mri_1.5t_firmware | * | |
| philips | mri_1.5t | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:mri_3t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6E28B57-F160-4463-A019-01C016729B87",
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:mri_3t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D61A1A34-1132-47AC-9BBB-06537D59C9FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:philips:mri_1.5t_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E7B195E6-DBA3-44A1-ACD4-4961F62C0B5C",
"versionEndExcluding": "6.0.0",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:philips:mri_1.5t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27C345BC-B71C-4EA3-A7FD-07354F2D9375",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
},
{
"lang": "es",
"value": "Philips MRI 1.5T y MRI 3T versi\u00f3n 5.x.x, no restringe o restringe incorrectamente el acceso a un recurso de un actor no autorizado"
}
],
"id": "CVE-2021-26262",
"lastModified": "2024-11-21T05:56:00.063",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6,
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-19T19:15:08.700",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-26248 (GCVE-0-2021-26248)
Vulnerability from cvelistv5
Published
2021-11-19 18:37
Modified
2024-08-03 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-708 - Incorrect Ownership Assignment
Summary
Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MRI 1.5T",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "All 5.x.x"
}
]
},
{
"product": "MRI 3T",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "5.x.x"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708 Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T18:37:35",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"title": "Philips MRI 1.5T and 3T Incorrect Ownership Assignment",
"workarounds": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. \n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-26248",
"STATE": "PUBLIC",
"TITLE": "Philips MRI 1.5T and 3T Incorrect Ownership Assignment"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MRI 1.5T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "5.x.x"
}
]
}
},
{
"product_name": "MRI 3T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x.x"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-708 Incorrect Ownership Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "MISC",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
]
},
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. \n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-26248",
"datePublished": "2021-11-19T18:37:35",
"dateReserved": "2021-11-11T00:00:00",
"dateUpdated": "2024-08-03T20:19:20.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-26262 (GCVE-0-2021-26262)
Vulnerability from cvelistv5
Published
2021-11-19 18:35
Modified
2024-08-03 20:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MRI 1.5T",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "All 5.x.x"
}
]
},
{
"product": "MRI 3T",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "5.x.x"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T18:35:52",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"title": "Philips MRI 1.5T and 3T Improper Access Control",
"workarounds": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. \n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-26262",
"STATE": "PUBLIC",
"TITLE": "Philips MRI 1.5T and 3T Improper Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MRI 1.5T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "5.x.x"
}
]
}
},
{
"product_name": "MRI 3T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x.x"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "MISC",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
]
},
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. \n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-26262",
"datePublished": "2021-11-19T18:35:52",
"dateReserved": "2021-11-11T00:00:00",
"dateUpdated": "2024-08-03T20:19:20.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-42744 (GCVE-0-2021-42744)
Vulnerability from cvelistv5
Published
2021-11-19 18:36
Modified
2024-08-04 03:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Information Exposure
Summary
Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MRI 1.5T",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "All 5.x.x"
}
]
},
{
"product": "MRI 3T",
"vendor": "Philips",
"versions": [
{
"status": "affected",
"version": "5.x.x"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Exposure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-19T18:36:49",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"title": "Philips MRI 1.5T and 3T Information Exposure",
"workarounds": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. \n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-42744",
"STATE": "PUBLIC",
"TITLE": "Philips MRI 1.5T and 3T Information Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MRI 1.5T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "5.x.x"
}
]
}
},
{
"product_name": "MRI 3T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x.x"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "MISC",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
]
},
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. \n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42744",
"datePublished": "2021-11-19T18:36:49",
"dateReserved": "2021-11-11T00:00:00",
"dateUpdated": "2024-08-04T03:38:50.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}