The rest are categorised as being of medium or low severity. According to CISA, the issues affect many Philips Clinical Collaboration Platform Portal (Vue PACS) products, including MyVue, Vue Speech, and Vue Motion. Seven of the 15 flaws seem to be unique to Philips products, with the rest affecting third-party components like Redis, 7-Zip, Oracle Database, jQuery, Python, and Apache Tomcat. The CVE IDs for the Philips issues are all from 2021. CISA advises users and administrators to review the ICS medical advisory ICSMA-21-187-01 Philips Vue PACS and install any necessary updates or workarounds.
The issues in third-party components were discovered between 2012 and 2020. Four of the flaws have been classified as critical, while four have been rated as high severity. Some of the vulnerabilities have been patched, according to CISA, but others will not be patched until the first quarter of 2022. Organizations can use mitigations to lower the risk of exploitation in the interim. Many of the flaws are in third-party components.
“Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software, or affect system data integrity in such a way as to negatively impact the confidentiality, integrity, or availability of the system,” according to CISA. While CISA cites a Philips security advisory, the electronics manufacturer does not seem to have released a public statement.
Improper input validation, memory bugs, improper authentication, insecure/improper resource initialization, use of expired cryptographic keys, use of weak cryptographic algorithms, improper use of protection mechanisms, data integrity issues, cross-site scripting (XSS), improperly protected credentials, and cleartext transmission of sensitive data are all examples of the security holes.