CVE-2021-33020

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-33020

CWE

https://cwe.mitre.org/data/definitions/324.html

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

Weakness

The product uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

Affected Software

Name	Vendor	Start Version	End Version
Myvue	Philips	*	12.2.1.5 (excluding)
Speech	Philips	*	12.2.8.0 (excluding)
Vue_motion	Philips	*	12.2.1.5 (excluding)
Vue_pacs	Philips	*	12.2.8.0 (excluding)

Potential Mitigations

References

http://www.philips.com/productsecurity
https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01
http://www.philips.com/productsecurity
https://www.cisa.gov/uscert/ics/advisories/icsma-21-187-01

Use of a Key Past its Expiration Date

Weakness

Affected Software

Potential Mitigations

References