Security Vulnerabilities identified in Philips Patient Monitoring Software


    Federal authorities and medical device maker Philips have issued security advisories about vulnerabilities in some of the company’s patient monitoring software. In alerts published Thursday, Philips and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency report that several “low-to-moderate” security vulnerabilities were identified in specific versions of the Philips IntelliVue Patient Monitor system, PerformanceBridge Focal Point, and the Patient Information Center iX (PIC iX) software.

    The vulnerabilities require only a low skill level to exploit, the advisories note. Successful exploitation could result in unauthorized access, interrupted monitoring, and collection of access information or patient data. To exploit the vulnerabilities, though, an attacker would need physical access to surveillance stations and patient monitors or access to the medical device network.

    Vulnerabilities Identified in Philips Patient Monitoring Software

    The vulnerabilities observed include:

    • Improper neutralization of formula elements in a comma-separated value, or CSV, file;
    • Improper check for certificate revocation;
    • Improper authentication;
    • Cross-site scripting;
    • Improper handling of length parameter inconsistency;
    • Exposure of resources to the wrong sphere;
    • Improper input validation;
    • Improper validation of syntactic correctness of input.

    “As of now, there are no available tackles available for these issues,” Philips says. The company also says it has not received any reports of incidents tied to the vulnerabilities that affect clinical use. Philips intends to release a series of updates to remediate all reported vulnerabilities in the affected products.
