Federal authorities and medical device producer Philips have handed out security cautions about security vulnerabilities in some of the company’s patient monitoring software. In alerts published Thursday, Philips and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency report that various “low-to-moderate” security vulnerabilities were identified in specific versions of the Philips IntelliVue Patient Monitor system, PerformanceBridge Focal Point, PIC iX, software, and the Patient Information Center iX,
The vulnerabilities compel a low skill level to manipulate, the advisories note. Successful exploitation of these vulnerabilities could result in the illegal entry, halted monitoring and collection of access to patient data. To successfully manipulate the vulnerabilities, though, an attacker would require physical access to supervision stations and client monitors or entry to the medical device network.
Vulnerabilities Identified in Philips Patient Monitoring Software
The vulnerabilities observed include:
- Improper neutralization of formula elements in a comma-separated value, or CSV, file;
- Improper check for certificate revocation;
- Improper authentication;
- Cross-site scripting;
- Improper handling of length parameter inconsistency;
- Exposure of resources to the wrong sphere.
- Improper input validation;
- Improper validation of syntactic correctness of input;
“As of now, there are no available tackles available for these issues”, Philips says. And the company says it has not obtained any allegations tied to the vulnerabilities of events influencing clinical use. Philips intends to release a series of updates to clear all reported vulnerabilities for affected products.
Also Read – Google fixes strange audio cut in Pixel Buds.