CVE-2021-43550

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.

CVSS v3 5.9 MEDIUM
CVSS v2.0 3.3 LOW

5.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.6 / Impact : 4.2

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

Vector : AV:A/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02	Third Party Advisory US Government Resource
https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02	Third Party Advisory US Government Resource

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:philips:patient_information_center_ix:c.02:::::::*
	cpe:2.3:a:philips:patient_information_center_ix:c.03:::::::*

Configuration 2 (hide)

AND

OR	cpe:2.3:o:philips:efficia_cm_firmware::::::::
	cpe:2.3:o:philips:efficia_cm_firmware:4.0:::::::*

cpe:2.3:h:philips:efficia_cm:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:29

Type	Values Removed	Values Added
CVSS	v2 : ~~3.3~~ v3 : ~~6.5~~	v2 : 3.3 v3 : 5.9
References	~~() https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 - Third Party Advisory, US Government Resource~~	() https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02 - Third Party Advisory, US Government Resource

Information

Published : 2021-12-27 19:15

Updated : 2024-11-21 06:29

NVD link : CVE-2021-43550

Mitre link : CVE-2021-43550

CVE.ORG link : CVE-2021-43550

JSON object : View

Products Affected

philips

patient_information_center_ix
efficia_cm_firmware
efficia_cm

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

{"id": "CVE-2021-43550", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.2, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-12-27T19:15:08.500", "references": [{"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ics-cert@hq.dhs.gov"}, {"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ics-cert@hq.dhs.gov", "description": [{"lang": "en", "value": "CWE-327"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0."}, {"lang": "es", "value": "El uso de un algoritmo criptogr\u00e1fico roto o arriesgado es un riesgo no necesario que puede resultar en una exposici\u00f3n de informaci\u00f3n confidencial, que afecta a las comunicaciones entre Patient Information Center iX (PIC iX) Versiones C.02 y C.03 y Efficia CM Series Revisiones A.01 a C.0x y 4.0"}], "lastModified": "2024-11-21T06:29:24.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F3220AB2-AC0D-4AC2-90D8-76C02FC693EB"}, {"criteria": "cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE1FB3E9-E269-434A-B1C2-D54C40F437BE"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:philips:efficia_cm_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7F70312-2F3F-42BB-A809-5F275DE0848D", "versionEndIncluding": "c.0x", "versionStartIncluding": "a.01"}, {"criteria": "cpe:2.3:o:philips:efficia_cm_firmware:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "361EA2EB-1860-4C89-B9B5-9C526600B3B0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:philips:efficia_cm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A4B807A6-AF7D-40EA-902B-BD7E9FDAD22B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ics-cert@hq.dhs.gov"}