CVE-2021-42744

Philips MRI 1.5T and 3T Information Exposure

Description

Philips MRI 1.5T and MRI 3T Version 5.x.x exposes sensitive information to an actor not explicitly authorized to have access.

Remediation

Workaround:

  • Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following: Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter. Users with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. For more information regarding these vulnerabilities, see the Philips product security advisory website. Users can also visit the Philips product security website for the latest security information for Philips products.

Category

6.2
CVSS
Severity: Medium
CVSS 3.1 •
CVSS 2.0 •
EPSS 0.05%
Vendor Advisory philips.com
Affected: Philips MRI 1.5T
Affected: Philips MRI 3T
Published at:
Updated at:

References

Link Tags
https://us-cert.cisa.gov/ics/advisories/icsma-21-313-01 third party advisory us government resource
https://www.usa.philips.com/healthcare/about/customer-support/product-security vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-42744?
CVE-2021-42744 has been scored as a medium severity vulnerability.
How to fix CVE-2021-42744?
As a workaround for remediating CVE-2021-42744: Philips plans a new release to remediate these vulnerabilities by October 2022. As an interim mitigation to these vulnerabilities, Philips recommends the following: Users should operate all Philips deployed and supported products within Philips authorized specifications, including physical and logical controls. Only allowed personnel are permitted in the vicinity of the product. Refer to the Philips instructions for use (IFU) available on InCenter. Users with questions about their specific MRI product should contact a Philips service support team or regional service support. Philips contact information is available at the Philips customer service solutions website or by calling 1-800-722-9377. For more information regarding these vulnerabilities, see the Philips product security advisory website. Users can also visit the Philips product security website for the latest security information for Philips products.
Is CVE-2021-42744 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2021-42744 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-42744?
CVE-2021-42744 affects Philips MRI 1.5T, Philips MRI 3T.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.