CVE-2023-40539 - Vulnerability Details

Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Vendors	Products
Philips Subscribe	Vue Pacs Subscribe

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-45110	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

No reference.

History

Wed, 09 Apr 2025 21:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-521
CPEs	cpe:2.3:a:philips:vue_pacs::::::::
Vendors & Products	Philips Philips vue Pacs
References	http://www.philips.com/productsecurity https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01
Metrics	cvssV3_1 `{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}` cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Wed, 09 Apr 2025 21:15:00 +0000

Type	Values Removed	Values Added
Title	Philips Vue PACS Weak Password Requirements

Wed, 09 Apr 2025 20:45:00 +0000

Type	Values Removed	Values Added
Description	Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts.	This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Metrics	cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}`	cvssV4_0 `{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Thu, 05 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Philips Philips vue Pacs
CPEs		cpe:2.3:a:philips:vue_pacs::::::::
Vendors & Products		Philips Philips vue Pacs

Projects

Sign in to view the affected projects.

MITRE

Status: REJECTED

Assigner: icscert

Published: 2024-07-18T16:29:27.586Z

Updated: 2025-04-09T20:25:02.684Z

Reserved: 2023-08-21T22:09:46.744Z

Link: CVE-2023-40539

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-07-18T17:15:03.553

Modified: 2025-04-09T21:16:15.920

Link: CVE-2023-40539

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-521

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object