MitM attack in Philips Interoperability Solution XDS

Published: 2021-06-25
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2021-32966
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software: Interoperability Solution XDS (Hardware solutions / Medical equipment)
Vendor: Philips

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Cleartext transmission of sensitive information

EUVDB-ID: #VU54386

Risk: Low


CVE-ID: CVE-2021-32966

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists because the software uses an insecure communication channel to transmit sensitive information when it is configured to use LDAP via TLS and the domain controller returns LDAP referrals. A remote attacker able to intercept network traffic can read LDAP system credentials.
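A client-side guard against the condition described above, as an added example that is not Philips' code or its fix: it vets referral URLs before any rebind, so credentials are only ever sent over `ldaps://` to allowlisted hosts. The function name, host names and referral values are constructed for illustration, and it assumes the deployment uses `ldaps://` rather than StartTLS.

```python
from urllib.parse import urlsplit


def vet_referrals(referral_urls, trusted_hosts, require_ldaps=True):
    """Split referral URLs into those safe to follow and those to refuse.

    Hypothetical helper: a client would call this on the referral list a
    directory server returns, before binding to any referred server.
    A StartTLS deployment would instead have to negotiate TLS on the new
    connection before sending the bind.
    """
    trusted = {h.lower() for h in trusted_hosts}
    follow, rejected = [], []
    for ref in referral_urls:
        parts = urlsplit(ref)
        scheme = parts.scheme.lower()
        host = (parts.hostname or "").lower()
        if scheme not in ("ldap", "ldaps"):
            rejected.append((ref, "not an LDAP URL"))
        elif require_ldaps and scheme != "ldaps":
            # Following this would send the bind credentials in cleartext.
            rejected.append((ref, "cleartext referral"))
        elif host not in trusted:
            rejected.append((ref, "host not in allowlist"))
        else:
            follow.append(ref)
    return follow, rejected


# Constructed sample referrals (not taken from any real environment).
SAMPLE_REFERRALS = [
    "ldaps://dc2.example.test:636/DC=child,DC=example,DC=test",
    "ldap://dc3.example.test/DC=child,DC=example,DC=test",
    "ldaps://other.example.invalid/DC=child,DC=example,DC=test",
    "http://dc2.example.test/",
]
TRUSTED_HOSTS = ["dc2.example.test", "dc3.example.test"]

if __name__ == "__main__":
    ok, refused = vet_referrals(SAMPLE_REFERRALS, TRUSTED_HOSTS)
    for url in ok:
        print("follow :", url)
    for url, reason in refused:
        print("refuse :", url, "-", reason)
```

Refused referrals are worth logging: a domain controller that keeps handing out `ldap://` referrals to a TLS-configured client points to a directory configuration that needs correcting.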


Install updates from vendor's website.

Vulnerable software versions

Interoperability Solution XDS: 2.5 - 2021-1
