CVE-2023-40223 - Vulnerability Details

Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

References

No reference.

History

Wed, 09 Apr 2025 21:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-269 NVD-CWE-noinfo
CPEs	cpe:2.3:a:philips:vue_pacs::::::::
Vendors & Products	Philips Philips vue Pacs
References	http://www.philips.com/productsecurity https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Wed, 09 Apr 2025 21:15:00 +0000

Type	Values Removed	Values Added
Title	Philips Vue PACS Improper Privilege Management
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 09 Apr 2025 20:45:00 +0000

Type	Values Removed	Values Added
Description	Philips Vue PACS does not properly assign, modify, track, or check actor privileges, creating an unintended sphere of control for that actor.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Metrics	cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}`	cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Thu, 05 Sep 2024 21:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Philips Philips vue Pacs
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:philips:vue_pacs::::::::
Vendors & Products		Philips Philips vue Pacs

MITRE

Status: REJECTED

Assigner: icscert

Published: 2024-07-18T16:23:18.410Z

Updated: 2025-04-09T20:23:56.551Z

Reserved: 2023-08-21T22:12:52.593Z

Link: CVE-2023-40223

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-07-18T17:15:03.173

Modified: 2025-04-09T21:16:06.380

Link: CVE-2023-40223

Redhat

No data.

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object