Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-42744
PUBLISHED
More InfoOfficial Page
Assigner-icscert
Assigner Org ID-7d14cffa-0d7d-4270-9dc0-52cabd5a23a6
View Known Exploited Vulnerability (KEV) details
Published At-19 Nov, 2021 | 18:36
Updated At-04 Aug, 2024 | 03:38
Rejected At-
▼CVE Numbering Authority (CNA)
Philips MRI 1.5T and 3T Information Exposure

Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.

Affected Products
Vendor
PhilipsPhilips
Product
MRI 1.5T
Versions
Affected
  • All 5.x.x
Vendor
PhilipsPhilips
Product
MRI 3T
Versions
Affected
  • 5.x.x
Problem Types
TypeCWE IDDescription
CWECWE-200CWE-200 Information Exposure
Type: CWE
CWE ID: CWE-200
Description: CWE-200 Information Exposure
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds

Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following: Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter. Users with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. For more information regarding these vulnerabilities, see the Philips product security advisory website. Users can also visit the Philips product security website for the latest security information for Philips products.

Exploits
Credits
Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01
x_refsource_MISC
https://www.usa.philips.com/healthcare/about/customer-support/product-security
x_refsource_MISC
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01
Resource:
x_refsource_MISC
Hyperlink: https://www.usa.philips.com/healthcare/about/customer-support/product-security
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01
x_refsource_MISC
x_transferred
https://www.usa.philips.com/healthcare/about/customer-support/product-security
x_refsource_MISC
x_transferred
Hyperlink: https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://www.usa.philips.com/healthcare/about/customer-support/product-security
Resource:
x_refsource_MISC
x_transferred
Details not found