CVE-2021-43548

Philips Patient Information Center iX (PIC iX) and Efficia CM Series Improper Input Validation

CVSS 6.5 MEDIUMEPSS 0.4%CWE-20

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

27 Dec 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Patient Information Center iX (PIC iX) Versions C.02 and C.03 receives input or data, but does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Philips · Patient Information Center iX (PIC iX)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02