CVE-2023-40704

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.philips.com/productsecurity", "name": "http://www.philips.com/productsecurity", "tags": ["Product"], "refsource": ""}, {"url": "http://www.philips.com/productsecurity", "name": "http://www.philips.com/productsecurity", "tags": ["Product"], "refsource": ""}, {"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01", "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": ""}, {"url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01", "name": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-200-01", "tags": ["Third Party Advisory", "US Government Resource"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The product does not require unique and complex passwords to be created \nduring installation. Using Philips's default password could jeopardize \nthe PACS system if the password was hacked or leaked. An attacker could \ngain access to the database impacting system availability and data \nintegrity."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-40704", "ASSIGNER": "ics-cert@hq.dhs.gov"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}}, "publishedDate": "2024-07-18T17:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "12.2.8.410"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-04-09T21:16Z"}