{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-40539",
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Philips Vue PACS does not require that users have strong passwords, which could make it easier for attackers to compromise user accounts."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-521 Weak Password Requirements",
                        "cweId": "CWE-521"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Philips",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Vue PACS",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "0",
                                            "version_value": "12.2.8.410"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01",
                "refsource": "MISC",
                "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01"
            },
            {
                "url": "http://www.philips.com/productsecurity",
                "refsource": "MISC",
                "name": "http://www.philips.com/productsecurity"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "advisory": "ICSMA-24-200-01",
        "discovery": "EXTERNAL"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "Philips recommends configuring the Vue PACS environment per 8G7607 \u2013 Vue PACS User Guide Rev G available on <a target=\"_blank\" rel=\"nofollow\" href=\"http://incenter.medical.philips.com/Default.aspx?tabid=867\">Incenter</a>.<p>For managed services customers, new releases will be made available upon resource availability. Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact their local Philips Sales representative or submit a request in the <a target=\"_blank\" rel=\"nofollow\" href=\"https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/www.informatics.support.philips.com/csm\">Philips Informatics Support portal</a>.</p><p>Refer to the <a target=\"_blank\" rel=\"nofollow\" href=\"http://www.philips.com/productsecurity\">Philips advisory</a>&nbsp;for more details.</p>\n\n<br>"
                }
            ],
            "value": "Philips recommends configuring the Vue PACS environment per 8G7607 \u2013 Vue PACS User Guide Rev G available on  Incenter http://incenter.medical.philips.com/Default.aspx .For managed services customers, new releases will be made available upon resource availability. Releases are subject to country specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact their local Philips Sales representative or submit a request in the  Philips Informatics Support portal https://usdhs-my.sharepoint.com/personal/grayson_gaylor_associates_cisa_dhs_gov1/_layouts/15/www.informatics.support.philips.com/csm .\n\nRefer to the  Philips advisory http://www.philips.com/productsecurity \u00a0for more details."
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "TAS Health NZ and Camiel van Es reported these vulnerabilities to Philips."
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
            }
        ]
    }
}