CVE-2021-27456 (GCVE-0-2021-27456)
Vulnerability from cvelistv5
Published: 2022-03-23 19:46
Modified: 2025-04-16 16:41
CWE
- CWE-921 - Storage of Sensitive Data in a Mechanism without Access Control
Summary
Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.
References
URL | Tags
---|---
https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01 | x_refsource_CONFIRM
https://www.philips.com/productsecurity | x_refsource_CONFIRM

Impacted products
Vendor | Product | Version
---|---|---
Philips | Gemini 16 Slice | 882300
Philips | Gemini Dual | 882160
Philips | Gemini GXL 10 Slice | 882400
Philips | Gemini GXL 6 Slice | 882390
Philips | Gemini GXL 16 Slice | 882410
Philips | GEMINI LXL | 882412
Philips | Gemini TF Ready | 882473
Philips | Gemini TF 16 w/ TOF Performance | 882470
Philips | Gemini TF 64 w/ TOF Performance | 882471
Philips | Gemini TF Big Bore | 882476
Philips | TruFlight Select PET/CT | 882438

Scoring and classification
- CVSS 3.1 (icscert, NVD): 2.4 LOW, CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- CVSS 2.0 (NVD): 2.1 LOW, AV:L/AC:L/Au:N/C:P/I:N/A:N
- SSVC (CISA Coordinator, 2025-04-16): Exploitation: none; Automatable: no; Technical Impact: partial
- Weakness: the CNA record (icscert) lists CWE-921; NVD lists CWE-922 as its primary mapping and CWE-921 as secondary.

Credits
Jean GEORGE – CHU UCL Namur – Nuclear medicine department reported this vulnerability to Philips.

Workarounds
Philips has identified the following guidance and mitigations:
- Users should operate all Philips deployed and supported Gemini PET/CT systems within Philips authorized specifications, including Philips approved software, software configuration, system services, and security configuration.
- Philips also recommends users implement a comprehensive, multi-layered strategy to protect systems from internal and external security threats, including restricting physical access of the scanner and removable media to only authorized personnel to reduce the risk of physical access by an unauthorized user.
- Patient health related information recorded on removable media may become accessible to unauthorized individuals despite the application of the anonymize function, which could create a security risk.

Users with questions regarding their specific installations of the Gemini PET/CT Family should contact a Philips service support team. Philips contact information is available at https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or 1-800-722-9377

The Philips advisory is available. Please see the Philips product security website for the latest security information for Philips products.