Philips Vue PACS Protection Mechanism Failure Vulnerability Allowing Directed Attacks

A vulnerability exists in Philips Vue PACS versions 12.2.x.x and prior, as well as in Vue MyVue, Vue Speech, and Vue Motion applications through version 12.2.1.5. The issue arises from an improper implementation or failure of a protection mechanism, leaving the product susceptible to directed attacks. This vulnerability is part of a broader set of security issues within the Vue PACS ecosystem, including cleartext transmission of sensitive information, improper input validation, and cross-site scripting, among others.

Impact

Exploitation of this vulnerability could allow unauthorized individuals to bypass security measures, potentially leading to eavesdropping, unauthorized data access or modification, system access, code execution, installation of unauthorized software, or disruption of system data integrity, adversely affecting the system's overall security and functionality.

Remediation

Philips has released version 12.2.1.6 for Vue PAC (WFM), Vue Motion (Enterprise Viewer), Vue Explorer, and Web System Configuration, which addresses this vulnerability. For specific Philips Vue PACS installations and release eligibility, contact a Philips Sales representative or submit a quote request through the eService portal.