Search criteria
ⓘ
Use full-text search for keyword queries.
Combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by dates instead of relevance.
6 vulnerabilities found for mri_3t_firmware by philips
CVE-2021-42744 (GCVE-0-2021-42744)
Vulnerability from nvd – Published: 2021-11-19 18:36 – Updated: 2026-04-02 13:45
VLAI?
Title
Philips MRI 1.5T and 3T Information Exposure
Summary
Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Severity ?
CWE
- CWE-552 - Files or directories accessible to external parties
Assigner
References
Impacted products
Credits
Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MRI 1.5T",
"vendor": "Philips",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MRI 3T",
"vendor": "Philips",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:mri_1.5t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:mri_3t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.\u003c/p\u003e"
}
],
"value": "Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or directories accessible to external parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:45:03.309Z",
"orgId": "20705f08-db8b-4497-8f94-7eea62317651",
"shortName": "Philips"
},
"references": [
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"title": "Philips MRI 1.5T and 3T Information Exposure",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips released a software upgrade version 5.8.2 to remediate these vulnerabilities and can be referenced by FCO78100619. As an interim mitigation to these vulnerabilities, Philips recommends the following:\u003c/p\u003e\u003cp\u003eUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter https://incenter.medical.philips.com.\u003c/p\u003e\u003cp\u003eUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website http://philips.com/productsecurity or by calling 1-800-722-9377.\u003c/p\u003e\u003cp\u003eFor more information regarding these vulnerabilities, see the Philips product security advisory website http://philips.com/productsecurity.\u003c/p\u003e\u003cp\u003eUsers can also visit the Philips product security website for the latest security information for Philips products.\u003c/p\u003e"
}
],
"value": "Philips released a software upgrade version 5.8.2 to remediate these vulnerabilities and can be referenced by FCO78100619. As an interim mitigation to these vulnerabilities, Philips recommends the following:\n\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter https://incenter.medical.philips.com.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website http://philips.com/productsecurity or by calling 1-800-722-9377.\n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website http://philips.com/productsecurity.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-42744",
"STATE": "PUBLIC",
"TITLE": "Philips MRI 1.5T and 3T Information Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MRI 1.5T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "5.x.x"
}
]
}
},
{
"product_name": "MRI 3T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x.x"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "MISC",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
]
},
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.Users with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. For more information regarding these vulnerabilities, see the Philips product security advisory website.Users can also visit the Philips product security website for the latest security information for Philips products."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42744",
"datePublished": "2021-11-19T18:36:49.000Z",
"dateReserved": "2021-11-11T00:00:00.000Z",
"dateUpdated": "2026-04-02T13:45:03.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-26262 (GCVE-0-2021-26262)
Vulnerability from nvd – Published: 2021-11-19 18:35 – Updated: 2026-04-02 13:44
VLAI?
Title
Philips MRI 1.5T and 3T Improper Access Control
Summary
Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Severity ?
CWE
- CWE-286 - Incorrect User Management
Assigner
References
Impacted products
Credits
Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MRI 1.5T",
"vendor": "Philips",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MRI 3T",
"vendor": "Philips",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:mri_1.5t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:mri_3t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.\u003c/p\u003e"
}
],
"value": "Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-286",
"description": "CWE-286 Incorrect User Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:44:46.768Z",
"orgId": "20705f08-db8b-4497-8f94-7eea62317651",
"shortName": "Philips"
},
"references": [
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"title": "Philips MRI 1.5T and 3T Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nPhilips released a software upgrade version 5.8.2 to remediate these vulnerabilities and can be\nreferenced by FCO78100619.\n\n As an interim mitigation to these vulnerabilities, Philips recommends the following:\u003c/p\u003e\u003cp\u003eUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter https://incenter.medical.philips.com.\u003c/p\u003e\u003cp\u003eUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website \nhttp://philips.com/productsecurity\n\nor by calling 1-800-722-9377. \u003c/p\u003e\u003cp\u003eFor more information regarding these vulnerabilities, see the Philips product security advisory website \nhttp://philips.com/productsecurity.\u003c/p\u003e\u003cp\u003eUsers can also visit the Philips product security website for the latest security information for Philips products.\u003c/p\u003e"
}
],
"value": "Philips released a software upgrade version 5.8.2 to remediate these vulnerabilities and can be\nreferenced by FCO78100619.\n\n As an interim mitigation to these vulnerabilities, Philips recommends the following:\n\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter https://incenter.medical.philips.com.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website \nhttp://philips.com/productsecurity\n\nor by calling 1-800-722-9377. \n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website \nhttp://philips.com/productsecurity.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-26262",
"STATE": "PUBLIC",
"TITLE": "Philips MRI 1.5T and 3T Improper Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MRI 1.5T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "5.x.x"
}
]
}
},
{
"product_name": "MRI 3T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x.x"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "MISC",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
]
},
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.Users with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. For more information regarding these vulnerabilities, see the Philips product security advisory website.Users can also visit the Philips product security website for the latest security information for Philips products."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-26262",
"datePublished": "2021-11-19T18:35:52.000Z",
"dateReserved": "2021-11-11T00:00:00.000Z",
"dateUpdated": "2026-04-02T13:44:46.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-26248 (GCVE-0-2021-26248)
Vulnerability from nvd – Published: 2021-11-19 18:37 – Updated: 2026-04-02 13:44
VLAI?
Title
Philips MRI 1.5T and 3T Incorrect Ownership Assignment
Summary
Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Severity ?
CWE
- CWE-708 - Incorrect Ownership Assignment
Assigner
References
Impacted products
Credits
Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MRI 1.5T",
"vendor": "Philips",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MRI 3T",
"vendor": "Philips",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:mri_1.5t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:mri_3t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.\u003c/p\u003e"
}
],
"value": "Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708 Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:44:55.696Z",
"orgId": "20705f08-db8b-4497-8f94-7eea62317651",
"shortName": "Philips"
},
"references": [
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"title": "Philips MRI 1.5T and 3T Incorrect Ownership Assignment",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips released a software upgrade version 5.8.2 to remediate these vulnerabilities and can be referenced by FCO78100619. As an interim mitigation to these vulnerabilities, Philips recommends the following:\u003c/p\u003e\u003cp\u003eUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter https://incenter.medical.philips.com.\u003c/p\u003e\u003cp\u003eUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website http://philips.com/productsecurity or by calling 1-800-722-9377.\u003c/p\u003e\u003cp\u003eFor more information regarding these vulnerabilities, see the Philips product security advisory website http://philips.com/productsecurity.\u003c/p\u003e\u003cp\u003eUsers can also visit the Philips product security website for the latest security information for Philips products.\u003c/p\u003e"
}
],
"value": "Philips released a software upgrade version 5.8.2 to remediate these vulnerabilities and can be referenced by FCO78100619. As an interim mitigation to these vulnerabilities, Philips recommends the following:\n\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter https://incenter.medical.philips.com.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website http://philips.com/productsecurity or by calling 1-800-722-9377.\n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website http://philips.com/productsecurity.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-26248",
"STATE": "PUBLIC",
"TITLE": "Philips MRI 1.5T and 3T Incorrect Ownership Assignment"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MRI 1.5T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "5.x.x"
}
]
}
},
{
"product_name": "MRI 3T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x.x"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-708 Incorrect Ownership Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "MISC",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
]
},
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.Users with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. For more information regarding these vulnerabilities, see the Philips product security advisory website.Users can also visit the Philips product security website for the latest security information for Philips products."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-26248",
"datePublished": "2021-11-19T18:37:35.000Z",
"dateReserved": "2021-11-11T00:00:00.000Z",
"dateUpdated": "2026-04-02T13:44:55.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-26248 (GCVE-0-2021-26248)
Vulnerability from cvelistv5 – Published: 2021-11-19 18:37 – Updated: 2026-04-02 13:44
VLAI?
Title
Philips MRI 1.5T and 3T Incorrect Ownership Assignment
Summary
Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Severity ?
CWE
- CWE-708 - Incorrect Ownership Assignment
Assigner
References
Impacted products
Credits
Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MRI 1.5T",
"vendor": "Philips",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MRI 3T",
"vendor": "Philips",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:mri_1.5t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:mri_3t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.\u003c/p\u003e"
}
],
"value": "Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-708",
"description": "CWE-708 Incorrect Ownership Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:44:55.696Z",
"orgId": "20705f08-db8b-4497-8f94-7eea62317651",
"shortName": "Philips"
},
"references": [
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"title": "Philips MRI 1.5T and 3T Incorrect Ownership Assignment",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips released a software upgrade version 5.8.2 to remediate these vulnerabilities and can be referenced by FCO78100619. As an interim mitigation to these vulnerabilities, Philips recommends the following:\u003c/p\u003e\u003cp\u003eUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter https://incenter.medical.philips.com.\u003c/p\u003e\u003cp\u003eUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website http://philips.com/productsecurity or by calling 1-800-722-9377.\u003c/p\u003e\u003cp\u003eFor more information regarding these vulnerabilities, see the Philips product security advisory website http://philips.com/productsecurity.\u003c/p\u003e\u003cp\u003eUsers can also visit the Philips product security website for the latest security information for Philips products.\u003c/p\u003e"
}
],
"value": "Philips released a software upgrade version 5.8.2 to remediate these vulnerabilities and can be referenced by FCO78100619. As an interim mitigation to these vulnerabilities, Philips recommends the following:\n\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter https://incenter.medical.philips.com.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website http://philips.com/productsecurity or by calling 1-800-722-9377.\n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website http://philips.com/productsecurity.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-26248",
"STATE": "PUBLIC",
"TITLE": "Philips MRI 1.5T and 3T Incorrect Ownership Assignment"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MRI 1.5T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "5.x.x"
}
]
}
},
{
"product_name": "MRI 3T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x.x"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-708 Incorrect Ownership Assignment"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "MISC",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
]
},
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.Users with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. For more information regarding these vulnerabilities, see the Philips product security advisory website.Users can also visit the Philips product security website for the latest security information for Philips products."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-26248",
"datePublished": "2021-11-19T18:37:35.000Z",
"dateReserved": "2021-11-11T00:00:00.000Z",
"dateUpdated": "2026-04-02T13:44:55.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-42744 (GCVE-0-2021-42744)
Vulnerability from cvelistv5 – Published: 2021-11-19 18:36 – Updated: 2026-04-02 13:45
VLAI?
Title
Philips MRI 1.5T and 3T Information Exposure
Summary
Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Severity ?
CWE
- CWE-552 - Files or directories accessible to external parties
Assigner
References
Impacted products
Credits
Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:38:50.147Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MRI 1.5T",
"vendor": "Philips",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MRI 3T",
"vendor": "Philips",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:mri_1.5t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:mri_3t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.\u003c/p\u003e"
}
],
"value": "Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-552",
"description": "CWE-552 Files or directories accessible to external parties",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:45:03.309Z",
"orgId": "20705f08-db8b-4497-8f94-7eea62317651",
"shortName": "Philips"
},
"references": [
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"title": "Philips MRI 1.5T and 3T Information Exposure",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips released a software upgrade version 5.8.2 to remediate these vulnerabilities and can be referenced by FCO78100619. As an interim mitigation to these vulnerabilities, Philips recommends the following:\u003c/p\u003e\u003cp\u003eUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter https://incenter.medical.philips.com.\u003c/p\u003e\u003cp\u003eUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website http://philips.com/productsecurity or by calling 1-800-722-9377.\u003c/p\u003e\u003cp\u003eFor more information regarding these vulnerabilities, see the Philips product security advisory website http://philips.com/productsecurity.\u003c/p\u003e\u003cp\u003eUsers can also visit the Philips product security website for the latest security information for Philips products.\u003c/p\u003e"
}
],
"value": "Philips released a software upgrade version 5.8.2 to remediate these vulnerabilities and can be referenced by FCO78100619. As an interim mitigation to these vulnerabilities, Philips recommends the following:\n\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter https://incenter.medical.philips.com.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website http://philips.com/productsecurity or by calling 1-800-722-9377.\n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website http://philips.com/productsecurity.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-42744",
"STATE": "PUBLIC",
"TITLE": "Philips MRI 1.5T and 3T Information Exposure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MRI 1.5T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "5.x.x"
}
]
}
},
{
"product_name": "MRI 3T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x.x"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "MISC",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
]
},
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.Users with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. For more information regarding these vulnerabilities, see the Philips product security advisory website.Users can also visit the Philips product security website for the latest security information for Philips products."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-42744",
"datePublished": "2021-11-19T18:36:49.000Z",
"dateReserved": "2021-11-11T00:00:00.000Z",
"dateUpdated": "2026-04-02T13:45:03.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-26262 (GCVE-0-2021-26262)
Vulnerability from cvelistv5 – Published: 2021-11-19 18:35 – Updated: 2026-04-02 13:44
VLAI?
Title
Philips MRI 1.5T and 3T Improper Access Control
Summary
Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Severity ?
CWE
- CWE-286 - Incorrect User Management
Assigner
References
Impacted products
Credits
Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:19:20.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "MRI 1.5T",
"vendor": "Philips",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "MRI 3T",
"vendor": "Philips",
"versions": [
{
"lessThanOrEqual": "5.8.1",
"status": "affected",
"version": "5.3",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:mri_1.5t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:philips:mri_3t:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.8.1",
"versionStartIncluding": "5.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003ePhilips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor.\u003c/p\u003e"
}
],
"value": "Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-286",
"description": "CWE-286 Incorrect User Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-02T13:44:46.768Z",
"orgId": "20705f08-db8b-4497-8f94-7eea62317651",
"shortName": "Philips"
},
"references": [
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
],
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"title": "Philips MRI 1.5T and 3T Improper Access Control",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\nPhilips released a software upgrade version 5.8.2 to remediate these vulnerabilities and can be\nreferenced by FCO78100619.\n\n As an interim mitigation to these vulnerabilities, Philips recommends the following:\u003c/p\u003e\u003cp\u003eUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter https://incenter.medical.philips.com.\u003c/p\u003e\u003cp\u003eUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website \nhttp://philips.com/productsecurity\n\nor by calling 1-800-722-9377. \u003c/p\u003e\u003cp\u003eFor more information regarding these vulnerabilities, see the Philips product security advisory website \nhttp://philips.com/productsecurity.\u003c/p\u003e\u003cp\u003eUsers can also visit the Philips product security website for the latest security information for Philips products.\u003c/p\u003e"
}
],
"value": "Philips released a software upgrade version 5.8.2 to remediate these vulnerabilities and can be\nreferenced by FCO78100619.\n\n As an interim mitigation to these vulnerabilities, Philips recommends the following:\n\nUsers should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter https://incenter.medical.philips.com.\n\nUsers with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website \nhttp://philips.com/productsecurity\n\nor by calling 1-800-722-9377. \n\nFor more information regarding these vulnerabilities, see the Philips product security advisory website \nhttp://philips.com/productsecurity.\n\nUsers can also visit the Philips product security website for the latest security information for Philips products."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2021-26262",
"STATE": "PUBLIC",
"TITLE": "Philips MRI 1.5T and 3T Improper Access Control"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MRI 1.5T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_name": "All",
"version_value": "5.x.x"
}
]
}
},
{
"product_name": "MRI 3T",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.x.x"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Michael Aguilar, a Secureworks Adversary Group consultant, reported these vulnerabilities to Philips."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a resource from an unauthorized actor."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-284 Improper Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01"
},
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "MISC",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
}
]
},
"source": {
"advisory": "ICSMA-21-313-01",
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following:Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter.Users with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. For more information regarding these vulnerabilities, see the Philips product security advisory website.Users can also visit the Philips product security website for the latest security information for Philips products."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2021-26262",
"datePublished": "2021-11-19T18:35:52.000Z",
"dateReserved": "2021-11-11T00:00:00.000Z",
"dateUpdated": "2026-04-02T13:44:46.768Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}