mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
{
|
|
"CVE_data_meta": {
|
|
"ASSIGNER": "ics-cert@hq.dhs.gov",
|
|
"ID": "CVE-2021-27456",
|
|
"STATE": "PUBLIC",
|
|
"TITLE": "Philips Gemini PET/CT Storage of Sensitive Data in a Mechanism Without Access Control"
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "Gemini 16 Slice",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "882300"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Gemini Dual",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "882160"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Gemini GXL 10 Slice",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "882400"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Gemini GXL 6 Slice",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "882390"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Gemini GXL 16 Slice",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "882410"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "GEMINI LXL",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "882412"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Gemini TF Ready",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "882473"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Gemini TF 16 w/ TOF Performance",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "882470"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Gemini TF 64 w/ TOF Performance",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "882471"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "Gemini TF Big Bore",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "882476"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
{
|
|
"product_name": "TruFlight Select PET/CT",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_affected": "=",
|
|
"version_value": "882438"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name": "Philips"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"credit": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Jean GEORGE \u2013 CHU UCL Namur \u2013 Nuclear medicine department reported this vulnerability to Philips."
|
|
}
|
|
],
|
|
"data_format": "MITRE",
|
|
"data_type": "CVE",
|
|
"data_version": "4.0",
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control."
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"impact": {
|
|
"cvss": {
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "PHYSICAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 2.4,
|
|
"baseSeverity": "LOW",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "NONE",
|
|
"privilegesRequired": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "NONE",
|
|
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
|
"version": "3.1"
|
|
}
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "CWE-921 Storage of Sensitive Data in a Mechanism without Access Control"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01"
|
|
},
|
|
{
|
|
"name": "https://www.philips.com/productsecurity",
|
|
"refsource": "CONFIRM",
|
|
"url": "https://www.philips.com/productsecurity"
|
|
}
|
|
]
|
|
},
|
|
"source": {
|
|
"discovery": "EXTERNAL"
|
|
},
|
|
"work_around": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "Philips has identified the following guidance and mitigations:\n Users should operate all Philips deployed and supported Gemini PET/CT systems within Philips authorized specifications, including Philips approved software, software configuration, system services, and security configuration.\n Philips also recommends users implement a comprehensive, multi-layered strategy to protect systems from internal and external security threats, including restricting physical access to the scanner and removable media to only authorized personnel to reduce the risk of physical access by an unauthorized user.\n Patient health related information recorded on removable media may become accessible to unauthorized individuals despite the application of the anonymize function, which could create a security risk.\n\nUsers with questions regarding their specific installations of the Gemini PET/CT Family should contact a Philips service support team. Philips contact information is available at https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or 1-800-722-9377.\n\nThe Philips advisory is available. Please see the Philips product security website for the latest security information for Philips products."
|
|
}
|
|
]
|
|
} |