ICSMA-24-200-01  ·  Published 2024-11-21

Philips Vue PACS (Update A)

CVSS 6.8 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain access to the database, which could impact system availability and data integrity or cause a denial-of-service condition.

Remediations

Philips recommends the following mitigations:

  • For CVE-2021-28165, Philips recommends configuring the Vue PACS environment per D000763414 – Vue_PACS_12_Ports_Protocols_Services_Guide available on Incenter. Vue PACS version 12.2.8.410* released in October 2023 prevents this vulnerability.
  • For managed services customers, new releases will be made available upon resource availability. Releases are subject to country-specific regulations. Users with questions regarding their specific Philips Vue PACS installations and new release eligibility should contact their local Philips sales representative or submit a request in the Philips Informatics Support portal.
  • Refer to the Philips advisory for more details.
  • For CVE-2023-40704, Philips states that no action is needed due to the low risk of exploitability, but customers can request that Philips update the database password(s).

Affected Vendors

Philips

Affected Products (1)

Philips · Vue PACS <12.2.8.410

Affected Sectors

Healthcare and Public Health
