Security Vulnerabilities identified in Philips Patient Monitoring Software


    Federal authorities and medical device maker Philips have issued security advisories about vulnerabilities in some of the company’s patient monitoring software. In alerts published Thursday, Philips and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency report that various “low-to-moderate” security vulnerabilities were identified in specific versions of the Philips IntelliVue Patient Monitor system, PerformanceBridge Focal Point, PIC iX software, and the Patient Information Center iX.

    The vulnerabilities require a low skill level to exploit, the advisories note. Successful exploitation could result in unauthorized access, interrupted monitoring and collection of access information or patient data. To successfully exploit the vulnerabilities, though, an attacker would need physical access to surveillance stations and patient monitors, or access to the medical device network.

    Vulnerabilities Identified in Philips Patient Monitoring Software

    The vulnerabilities observed include:

    • Improper neutralization of formula elements in a comma-separated value, or CSV, file;
    • Improper check for certificate revocation;
    • Improper authentication;
    • Cross-site scripting;
    • Improper handling of length parameter inconsistency;
    • Exposure of resources to the wrong sphere;
    • Improper input validation;
    • Improper validation of syntactic correctness of input.

    “As of now, there are no available tackles available for these issues”, Philips says. The company also says it has not received any reports of incidents tied to the vulnerabilities that affected clinical use. Philips intends to release a series of updates to remediate all reported vulnerabilities in the affected products.
