{"api_version":"1","generated_at":"2026-04-22T19:59:55+00:00","cve":"CVE-2021-43550","urls":{"html":"https://cve.report/CVE-2021-43550","api":"https://cve.report/api/cve/CVE-2021-43550.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-43550","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-43550"},"summary":{"title":"CVE-2021-43550","description":"The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0.","state":"PUBLIC","assigner":"ics-cert@hq.dhs.gov","published_at":"2021-12-27 19:15:00","updated_at":"2022-01-12 13:48:00"},"problem_types":["CWE-327"],"metrics":[],"references":[{"url":"https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02","name":"https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02","refsource":"MISC","tags":[],"title":"Philips Patient Information Center iX (PIC iX) and Efficia CM Series | CISA","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-43550","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43550","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"LEGACY","value":"Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks","lang":""}],"nvd_cpes":[{"cve_year":"2021","cve_id":"43550","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"h","cpe4":"philips","cpe5":"efficia_cm","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43550","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"philips","cpe5":"efficia_cm_firmware","cpe6":"4.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43550","vulnerable":"1","versionEndIncluding":"c.0x","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"philips","cpe5":"efficia_cm_firmware","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43550","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"patient_information_center_ix","cpe6":"c.02","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"43550","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"philips","cpe5":"patient_information_center_ix","cpe6":"c.03","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"ics-cert@hq.dhs.gov","DATE_PUBLIC":"2021-11-18T15:34:00.000Z","ID":"CVE-2021-43550","STATE":"PUBLIC","TITLE":"Philips Patient Information Center iX (PIC iX) and Efficia CM Series Use of a Broken or Risky Cryptographic Algorithm"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Efficia CM Series","version":{"version_data":[{"version_affected":"<=","version_name":"A.01","version_value":"C.0x"},{"version_affected":"=","version_value":"4.0"}]}},{"product_name":"Patient Information Center iX (PIC iX)","version":{"version_data":[{"version_affected":"=","version_value":"C.02"},{"version_affected":"=","version_value":"C.03"}]}}]},"vendor_name":"Philips"}]}},"credit":[{"lang":"eng","value":"Younes Dragoni, Andrea Palanca and Ivan Speziale of Nozomi Networks"}],"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information, which affects the communications between Patient Information Center iX (PIC iX) Versions C.02 and C.03 and Efficia CM Series Revisions A.01 to C.0x and 4.0."}]},"generator":{"engine":"Vulnogram 0.0.9"},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"ADJACENT_NETWORK","availabilityImpact":"NONE","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-327 Use of a Broken or Risky Cryptographic Algorithm"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02","name":"https://www.cisa.gov/uscert/ics/advisories/icsma-21-322-02"}]},"solution":[{"lang":"eng"}],"source":{"advisory":"ICSMA-21-322-02","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2021-12-27 19:15:00","lastModifiedDate":"2022-01-12 13:48:00","problem_types":["CWE-327"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:A/AC:L/Au:N/C:P/I:N/A:N","accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":3.3},"severity":"LOW","exploitabilityScore":6.5,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:philips:patient_information_center_ix:c.02:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:philips:patient_information_center_ix:c.03:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:philips:efficia_cm_firmware:*:*:*:*:*:*:*:*","versionStartIncluding":"a.01","versionEndIncluding":"c.0x","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:philips:efficia_cm_firmware:4.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:h:philips:efficia_cm:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"43550","Ordinal":"220617","Title":"CVE-2021-43550","CVE":"CVE-2021-43550","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"43550","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}