CVE-2021-27456

Philips Gemini PET/CT Storage of Sensitive Data in a Mechanism Without Access Control

Description

Philips Gemini PET/CT family software stores sensitive information in a removable media device that does not have built-in access control.

Remediation

Workaround:

  • Philips has identified the following guidance and mitigations: Users should operate all Philips deployed and supported Gemini PET/CT systems within Philips authorized specifications, including Philips approved software, software configuration, system services, and security configuration. Philips also recommends users implement a comprehensive, multi-layered strategy to protect systems from internal and external security threats, including restricting physical access of the scanner and removable media to only authorized personnel to reduce the risk of physical access by an unauthorized user. Patient health related information recorded on removable media may become accessible to unauthorized individuals despite the application of the anonymize function, which could create a security risk. Users with questions regarding their specific installations of the Gemini PET/CT Family should contact a Philips service support team. Philips contact information is available at https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or 1-800-722-9377. The Philips advisory is available. Please see the Philips product security website for the latest security information for Philips products.

CVSS: 2.4
Severity: Low
EPSS: 0.08%
Third-Party Advisory cisa.gov
Affected: Philips Gemini 16 Slice
Affected: Philips Gemini Dual
Affected: Philips Gemini GXL 10 Slice
Affected: Philips Gemini GXL 6 Slice
Affected: Philips Gemini GXL 16 Slice
Affected: Philips GEMINI LXL
Affected: Philips Gemini TF Ready
Affected: Philips Gemini TF 16 w/ TOF Performance
Affected: Philips Gemini TF 64 w/ TOF Performance
Affected: Philips Gemini TF Big Bore
Affected: Philips TruFlight Select PET/CT

Frequently Asked Questions

What is the severity of CVE-2021-27456?
CVE-2021-27456 has been scored as a low severity vulnerability.
How to fix CVE-2021-27456?
As a workaround for remediating CVE-2021-27456: Philips has identified the following guidance and mitigations: Users should operate all Philips deployed and supported Gemini PET/CT systems within Philips authorized specifications, including Philips approved software, software configuration, system services, and security configuration. Philips also recommends users implement a comprehensive, multi-layered strategy to protect systems from internal and external security threats, including restricting physical access of the scanner and removable media to only authorized personnel to reduce the risk of physical access by an unauthorized user. Patient health related information recorded on removable media may become accessible to unauthorized individuals despite the application of the anonymize function, which could create a security risk. Users with questions regarding their specific installations of the Gemini PET/CT Family should contact a Philips service support team. Philips contact information is available at https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or 1-800-722-9377. The Philips advisory is available. Please see the Philips product security website for the latest security information for Philips products.
Is CVE-2021-27456 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2021-27456 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-27456?
CVE-2021-27456 affects Philips Gemini 16 Slice, Philips Gemini Dual, Philips Gemini GXL 10 Slice, Philips Gemini GXL 6 Slice, Philips Gemini GXL 16 Slice, Philips GEMINI LXL, Philips Gemini TF Ready, Philips Gemini TF 16 w/ TOF Performance, Philips Gemini TF 64 w/ TOF Performance, Philips Gemini TF Big Bore, Philips TruFlight Select PET/CT.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.