CVE-2023-40704

The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity.

CVSS v3 6.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.9 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.philips.com/productsecurity	Product
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01	Third Party Advisory US Government Resource
http://www.philips.com/productsecurity	Product
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*

History

09 Apr 2025, 21:16

Type	Values Removed	Values Added
Summary	~~(en) Philips Vue PACS uses default credentials for potentially critical functionality.~~	(en) The product does not require unique and complex passwords to be created during installation. Using Philips's default password could jeopardize the PACS system if the password was hacked or leaked. An attacker could gain access to the database impacting system availability and data integrity.
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 6.8

21 Nov 2024, 08:19

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~9.8~~	v2 : unknown v3 : 7.1
References	~~() http://www.philips.com/productsecurity - Product~~	() http://www.philips.com/productsecurity - Product
References	~~() https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 - Third Party Advisory, US Government Resource

05 Sep 2024, 21:01

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~8.4~~	v2 : unknown v3 : 9.8

05 Sep 2024, 20:36

Type	Values Removed	Values Added
CPE		cpe:2.3:a:philips:vue_pacs::::::::
References	~~() http://www.philips.com/productsecurity -~~	() http://www.philips.com/productsecurity - Product
References	~~() https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 -~~	() https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01 - Third Party Advisory, US Government Resource
CWE		NVD-CWE-Other
First Time		Philips vue Pacs Philips
CVSS	v2 : ~~unknown~~ v3 : ~~7.1~~	v2 : unknown v3 : 8.4

19 Jul 2024, 13:01

Type	Values Removed	Values Added
Summary		(es) Philips Vue PACS utiliza credenciales predeterminadas para funciones potencialmente críticas.

18 Jul 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-07-18 17:15

Updated : 2025-04-09 21:16

NVD link : CVE-2023-40704

Mitre link : CVE-2023-40704

CVE.ORG link : CVE-2023-40704

JSON object : View

Products Affected

philips

vue_pacs

CWE

CWE-1392 NVD-CWE-Other

6.8 /10