Security Vulnerabilities identified in Philips Patient Monitoring Software


    Federal authorities and medical device producer Philips have handed out security cautions about security vulnerabilities in some of the company’s patient monitoring software. In alerts published Thursday, Philips and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency report that various “low-to-moderate” security vulnerabilities were identified in specific versions of the Philips IntelliVue Patient Monitor system, PerformanceBridge Focal Point,  PIC iX, software, and the Patient Information Center iX, 

    The vulnerabilities compel a low skill level to manipulate, the advisories note. Successful exploitation of these vulnerabilities could result in the illegal entry, halted monitoring and collection of access to patient data. To successfully manipulate the vulnerabilities, though, an attacker would require physical access to supervision stations and client monitors or entry to the medical device network.

    Vulnerabilities Identified in Philips Patient Monitoring Software

    The vulnerabilities observed include:

    • Improper neutralization of formula elements in a comma-separated value, or CSV, file;
    • Improper check for certificate revocation;
    • Improper authentication;
    • Cross-site scripting;
    • Improper handling of length parameter inconsistency;
    • Exposure of resources to the wrong sphere.
    • Improper input validation;
    • Improper validation of syntactic correctness of input;

    “As of now, there are no available tackles available for these issues”, Philips says. And the company says it has not obtained any allegations tied to the vulnerabilities of events influencing clinical use. Philips intends to release a series of updates to clear all reported vulnerabilities for affected products.

    Also Read – Google fixes strange audio cut in Pixel Buds.

    Recent Articles

    Applitools partners with Sogeti on 2021 State of Artificial Intelligence applied to Quality Engineering Report

      Applitools, a developer of next-generation test automation platforms such as Ultrafast Test Cloud and Visual AI, announced on the 26th of July that it...

    Trending in Testing Weekly Newsletter #4

      We are excited to present the 4th edition of “Trending in Testing” Weekly Newsletter. Here are the latest updates: Trending News: 1. Robotic Process Automation (RPA)...

    8 Great Resources to learn Testing and Automation in 2021

      One of the important stages in the development of the software process is software testing. There are hundreds of tools out there in the...

    Cypress 8.0.0 released with New Features and Bugfixes recently released Cypress 8.0.0 version, the new version comes with numerous bug fixes and new features. With the new version, all browsers will...

    Robotic Process Automation (RPA) Developer Career Path – Are you Ready to Begin?

      Are you interested in becoming a Robotic Process Automation (RPA) Developer? You might be asking yourself, “What is RPA?”, and that’s a perfectly valid question....

    Related Stories

    Stay on op - Ge the daily news in your inbox