CVE-2021-26248

Philips MRI 1.5T and 3T Incorrect Ownership Assignment

CVSS 5.9 MEDIUMEPSS 0.2%CWE-708

In short

Philips MRI machines (versions 5.3-5.8.1) have a security flaw that allows unauthorized people to access medical imaging resources they shouldn't be able to reach. This is dangerous because it could expose sensitive patient data or allow tampering with critical medical equipment.

Technical detail

CWE-708 vulnerability in Philips MRI 1.5T and 3T systems fails to properly enforce access control on medical imaging resources. An unauthorized actor can access restricted resources without proper authentication or authorization checks, potentially compromising patient data confidentiality and system integrity.

Summary generated and translated by AI from the official description.

Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Philips · MRI 1.5T Philips · MRI 3T

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01 https://www.usa.philips.com/healthcare/about/customer-support/product-security