CVE-2021-27456

low-risk
Published 2022-03-23

Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.

Do I need to act?

-
0.06% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.4/10 Low
PHYSICAL / LOW complexity

Affected Products (11)

Gemini 882300 Firmware
Gemini 882160 Firmware
Gemini 882400 Firmware
Gemini 882390 Firmware
Gemini 882410 Firmware
Gemini 882412 Firmware
Gemini 882473 Firmware
Gemini 882470 Firmware
Gemini 882471 Firmware
Gemini 882476 Firmware
Truflight 882438 Firmware

Affected Vendors

Phillips

References (4)

Third Party Advisory https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01
Product https://www.philips.com/productsecurity
Third Party Advisory https://www.cisa.gov/uscert/ics/advisories/icsma-21-084-01
Product https://www.philips.com/productsecurity
26
/ 100
low-risk
Severity 10/34 · Low
Exploitability 0/34 · Minimal
Exposure 16/34 · Moderate