CISA apprize drug user and executive to subject the ICS medical advice ICSMA-21 - 187 - 01 Philips Vue PACS and instal any requisite rising slope or workarounds , accord to CISA . Seven of the 15 fault look to be unparalleled to Philips intersection , with the oddment impact third - party element like Redis , 7 - Zip , Oracle Database , jQuery , Python , and Apache Tomcat . wrong input proof , store intercept , unlawful assay-mark , unsafe / unlawful resource initialization , utilise of breathe out cryptological key , purpose of unaccented cryptographical algorithmic rule , unconventional manipulation of protective covering mechanism , information integrity put out , transversal - web site script ( XSS ) , improperly protect certificate , and cleartext transmittance of spiritualist information are all exemplar of protection kettle of fish . While CISA honorable mention a Philips protection consultive , the electronics manufacturer does not appear to have come out a public program line . The CVE Gem State for the Philips job are all 2021 . governing body can usance palliation to turn down the risk of development in the meanwhile . “ successful victimisation of these vulnerability could grant an unauthorised individual or work to eavesdrop , eyeshot or alter information , profit organisation admittance , perform encipher , instal unauthorised software package , or affect organisation datum wholeness in such a agency as to negatively touch the confidentiality , wholeness , or availability of the scheme , ” harmonize to CISA . Between 2012 and 2020 , trouble in third - party component were reveal . The perch are categorised as being of mass medium or Sir David Alexander Cecil Low vividness . many of the flaw are in third gear - political party ingredient . fit in to CISA , the go forth bear upon many Philips Clinical Collaboration Platform Portal ( Vue PACS ) merchandise , admit MyVue , Vue Speech , and Vue Motion . Some of the exposure have been spotted , harmonize to CISA , but others will not be patch up until the number one one-fourth of 2022 . Four of the flaw have been separate critical , while four have been snitch as ingest a mellow rigour .