CVE-2023-40159 - Vulnerability Details

A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Philips Subscribe	Vue Pacs Subscribe

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-44766	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Wed, 09 Apr 2025 21:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-200 NVD-CWE-noinfo
CPEs	cpe:2.3:a:philips:vue_pacs::::::::
Vendors & Products	Philips Philips vue Pacs
References	http://www.philips.com/productsecurity https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01
Metrics	cvssV3_1 `{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N'}` cvssV4_0 `{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Wed, 09 Apr 2025 21:15:00 +0000

Type	Values Removed	Values Added
Title	Philips Vue PACS Exposure of Sensitive Information to an Unauthorized Actor

Wed, 09 Apr 2025 20:45:00 +0000

Type	Values Removed	Values Added
Description	A validated user not explicitly authorized to have access to certain sensitive information could access Philips Vue PACS on the same network to expose that information.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Metrics	cvssV4_0 `{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N'}`	cvssV4_0 `{'score': 8.8, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Thu, 05 Sep 2024 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Philips Philips vue Pacs
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:philips:vue_pacs::::::::
Vendors & Products		Philips Philips vue Pacs

Projects

Sign in to view the affected projects.

MITRE

Status: REJECTED

Assigner: icscert

Published: 2024-07-18T16:19:22.089Z

Updated: 2025-04-09T20:26:21.382Z

Reserved: 2023-08-21T22:09:46.731Z

Link: CVE-2023-40159

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-07-18T17:15:02.787

Modified: 2025-04-09T21:15:45.100

Link: CVE-2023-40159

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact High

Availability Impact None

User Interaction None

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object