CVE-2021-27493
CVE-2021-27493 is a medium-severity vulnerability in Philips Myvue with a CVSS 3.x base score of 6.1. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-707.
Key facts
- Severity: Medium (CVSS 3.x base score 6.1)
- CVSS v2: 6.4
- EPSS exploit prediction: 1% (47th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-707
- Affected product: Philips Myvue
- Published:
- Last modified:
Description
Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
Frequently asked questions
- What is CVE-2021-27493?
- Philips Vue PACS versions 12.2.x.x and prior does not ensure or incorrectly ensures structured messages or data are well formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
- How severe is CVE-2021-27493?
- CVE-2021-27493 has a CVSS 3.x base score of 6.1, rated medium severity. It is exploitable over network with low attack complexity, requires no privileges and user interaction. Impact on confidentiality is low, integrity low, and availability none.
- Is CVE-2021-27493 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (47th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2021-27493?
- CVE-2021-27493 primarily affects Philips Myvue. In total, 4 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2021-27493?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2021-27493 published?
- CVE-2021-27493 was published on 2022-04-01 and last updated on 2026-06-17.
References
Affected products (4)
- cpe:2.3:a:philips:myvue:*:*:*:*:*:*:*:*
- cpe:2.3:a:philips:speech:*:*:*:*:*:*:*:*
- cpe:2.3:a:philips:vue_motion:*:*:*:*:*:*:*:*
- cpe:2.3:a:philips:vue_pacs:*:*:*:*:*:*:*:*
More vulnerabilities in Philips Myvue
- CVE-2021-33020 — High (CVSS 8.2): Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which…
- CVE-2021-33022 — High (CVSS 7.5): Philips Vue PACS versions 12.2.x.x and prior transmits sensitive or security-critical data in cleartext in a…
- CVE-2021-33018 — High (CVSS 7.5): The use of a broken or risky cryptographic algorithm in Philips Vue PACS versions 12.2.x.x and prior is an unnecessary…
- CVE-2021-27501 — High (CVSS 7.5): Philips Vue PACS versions 12.2.x.x and prior does not follow certain coding rules for development, which can lead to…
- CVE-2021-39369 — Medium (CVSS 6.5): In Philips (formerly Carestream) Vue MyVue PACS through 12.2.x.x, the VideoStream function allows Path Traversal by…
- CVE-2021-27497 — Medium (CVSS 6.5): Philips Vue PACS versions 12.2.x.x and prior does not use or incorrectly uses a protection mechanism that provides…
All CVEs affecting Philips Myvue →
Other CWE-707 (Improper Neutralization) vulnerabilities
- CVE-2023-46689 — High (CVSS 8.8): Improper neutralization in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to…
- CVE-2023-42773 — High (CVSS 8.8): Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to…
- CVE-2026-4249 — High (CVSS 8.6): The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without…
- CVE-2024-43572 — High (CVSS 7.8): Microsoft Management Console Remote Code Execution Vulnerability
- CVE-2019-10052 — High (CVSS 7.5): An issue was discovered in Suricata 4.1.3. If the network packet does not have the right length, the parser tries to…
- CVE-2018-3918 — High (CVSS 7.5): An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version…
Browse all CWE-707 (Improper Neutralization) vulnerabilities →