ID

VAR-202106-1969


CVE

CVE-2021-32966


TITLE

Philips Interoperability Solution XDS vulnerability of sending important information in plain text

Trust: 0.8

sources: JVNDB: JVNDB-2021-001893

DESCRIPTION

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. The Interoperability Solution XDS document sharing system provided by Philips is a medical document sharing system. It contains a vulnerability of sending important information in plain text (CWE-319, CVE-2021-32966). A remote third party could read LDAP credentials. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Philips Interoperability Solution XDS is a solution from Philips, a European company. It provides an open standards-based platform that supports all types of medical images and clinical information. Philips Interoperability Solution XDS has a security vulnerability, which stems from. The vulnerability could allow a remote attacker to gain access to sensitive information. Affected products and versions are as follows: Interoperability Solution XDS: 2.5, 3.11, 2018-1, 2021-1

Trust: 2.34

sources: NVD: CVE-2021-32966 // JVNDB: JVNDB-2021-001893 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-392952 // VULMON: CVE-2021-32966

AFFECTED PRODUCTS

vendor: philips, model: interoperability solution xds, scope: lte, version: 3.11

Trust: 1.0

vendor: philips, model: interoperability solution xds, scope: gte, version: 2018-1

Trust: 1.0

vendor: philips, model: interoperability solution xds, scope: gte, version: 2.5

Trust: 1.0

vendor: philips, model: interoperability solution xds, scope: lte, version: 2021-1

Trust: 1.0

vendor: フィリップス, model: interoperability solution xds document sharing system, scope: eq, version: v2018-1 to v2021-1 to

Trust: 0.8

vendor: フィリップス, model: interoperability solution xds document sharing system, scope: eq, version: -

Trust: 0.8

vendor: フィリップス, model: interoperability solution xds document sharing system, scope: eq, version: v2.5 to v3.11 to

Trust: 0.8

sources: JVNDB: JVNDB-2021-001893 // NVD: CVE-2021-32966

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-32966
value: HIGH

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-32966
value: LOW

Trust: 1.0

NVD: CVE-2021-32966
value: LOW

Trust: 0.8

CNNVD: CNNVD-202106-1653
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULHUB: VHN-392952
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-32966
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-32966
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-392952
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-32966
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

ics-cert@hq.dhs.gov: CVE-2021-32966
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 1.4
version: 3.1

Trust: 1.0

IPA: JVNDB-2021-001893
baseSeverity: LOW
baseScore: 3.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-392952 // VULMON: CVE-2021-32966 // JVNDB: JVNDB-2021-001893 // CNNVD: CNNVD-202106-1653 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-32966 // NVD: CVE-2021-32966

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.1

problemtype: Sending important information in clear text (CWE-319) [IPA evaluation]

Trust: 0.8

sources: VULHUB: VHN-392952 // JVNDB: JVNDB-2021-001893 // NVD: CVE-2021-32966

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-1653

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202106-1653 // CNNVD: CNNVD-202104-975

PATCH

title: Customer Service Solutions, url: https://www.philips.com/a-w/security/security-advisories.html

Trust: 0.8

title: Philips Interoperability Solution XDS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=155089

Trust: 0.6

sources: JVNDB: JVNDB-2021-001893 // CNNVD: CNNVD-202106-1653

EXTERNAL IDS

db: NVD, id: CVE-2021-32966

Trust: 3.4

db: ICS CERT, id: ICSMA-21-175-01

Trust: 2.6

db: JVN, id: JVNVU93414026

Trust: 0.8

db: JVNDB, id: JVNDB-2021-001893

Trust: 0.8

db: AUSCERT, id: ESB-2021.2235

Trust: 0.6

db: CS-HELP, id: SB2021062503

Trust: 0.6

db: CNNVD, id: CNNVD-202106-1653

Trust: 0.6

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: VULHUB, id: VHN-392952

Trust: 0.1

db: VULMON, id: CVE-2021-32966

Trust: 0.1

sources: VULHUB: VHN-392952 // VULMON: CVE-2021-32966 // JVNDB: JVNDB-2021-001893 // CNNVD: CNNVD-202106-1653 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-32966

REFERENCES

url:https://www.cisa.gov/uscert/ics/advisories/icsma-21-175-01

Trust: 1.8

url:https://us-cert.cisa.gov/ics/advisories/icsma-21-175-01

Trust: 1.4

url:http://jvn.jp/cert/jvnvu93414026

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-32966

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2021.2235

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021062503

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2021-32966/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/319.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-392952 // VULMON: CVE-2021-32966 // JVNDB: JVNDB-2021-001893 // CNNVD: CNNVD-202106-1653 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-32966

CREDITS

Philips reported this vulnerability to CISA.

Trust: 0.6

sources: CNNVD: CNNVD-202106-1653

SOURCES

db: VULHUB, id: VHN-392952
db: VULMON, id: CVE-2021-32966
db: JVNDB, id: JVNDB-2021-001893
db: CNNVD, id: CNNVD-202106-1653
db: CNNVD, id: CNNVD-202104-975
db: NVD, id: CVE-2021-32966

LAST UPDATE DATE

2024-08-14T12:27:04.688000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-392952, date: 2022-06-08T00:00:00
db: VULMON, id: CVE-2021-32966, date: 2022-06-08T00:00:00
db: JVNDB, id: JVNDB-2021-001893, date: 2024-06-18T07:20:00
db: CNNVD, id: CNNVD-202106-1653, date: 2022-06-09T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: NVD, id: CVE-2021-32966, date: 2022-06-08T14:29:06.183

SOURCES RELEASE DATE

db: VULHUB, id: VHN-392952, date: 2022-05-25T00:00:00
db: VULMON, id: CVE-2021-32966, date: 2022-05-25T00:00:00
db: JVNDB, id: JVNDB-2021-001893, date: 2021-06-29T00:00:00
db: CNNVD, id: CNNVD-202106-1653, date: 2021-06-24T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: NVD, id: CVE-2021-32966, date: 2022-05-25T14:15:08.380