CVE-2021-43550

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.

CVSS v3 5.9 MEDIUM
CVSS v2.0 3.3 LOW

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.6 / Impact : 4.2

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02	Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:philips:patient_information_center_ix:c.02:::::::*
	cpe:2.3:a:philips:patient_information_center_ix:c.03:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:philips:efficia_cm_firmware::::::::
	cpe:2.3:o:philips:efficia_cm_firmware:4.0:::::::*

cpe:2.3:h:philips:efficia_cm:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:29

Type	Values Removed	Values Added
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 - Third Party Advisory, US Government Resource
CVSS	v2 : ~~3.3~~ v3 : ~~6.5~~	v2 : 3.3 v3 : 5.9

12 Jan 2022, 13:48

Type	Values Removed	Values Added
References	~~(MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 -~~	(MISC) https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 - Third Party Advisory, US Government Resource
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 3.3 v3 : 6.5
CPE		cpe:2.3:h:philips:efficia_cm:-:::::::* cpe:2.3:o:philips:efficia_cm_firmware:::::::: cpe:2.3:a:philips:patient_information_center_ix:c.03:::::::* cpe:2.3:a:philips:patient_information_center_ix:c.02:::::::* cpe:2.3:o:philips:efficia_cm_firmware:4.0:::::::*
CWE		CWE-327

27 Dec 2021, 19:38

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-12-27 19:15

Updated : 2024-11-21 06:29

NVD link : CVE-2021-43550

Mitre link : CVE-2021-43550

CVE.ORG link : CVE-2021-43550

JSON object : View

Products Affected

philips

efficia_cm
efficia_cm_firmware
patient_information_center_ix

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

5.9 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-43550

5.9^/10

3.3^/10

Attach tags to `CVE-2021-43550`