CVE-2021-33020 HIGH

CVE-2021-33020: Philips Vue PACS Use of a Key Past its Expiration Date

Vendor Philips
Product Vue PACS
Weakness CWE-324
Published April 1, 2022
Last update April 16, 2025

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

What the vulnerability does

01Description

Philips Vue PACS versions 12.2.x.x and prior uses a cryptographic key or password past its expiration date, which diminishes its safety significantly by increasing the timing window for cracking attacks against that key.

Key dates

02Disclosure timeline

April 1, 2022 CVE published
April 16, 2025 Record updated