The Department of Homeland Security's Industrial Control Systems-Cyber Emergency Response Team issued an alert Aug. 14 about cybersecurity vulnerabilities in some Philips-made medical devices, HealthcareInfoSecurity reports.
Certain versions of Philips' IntelliSpace Cardiovascular cardiac image and information management software include vulnerabilities involving "improper privilege management" and "unquoted search path or element." Hackers with local access and user privileges on the service can exploit the vulnerabilities to execute arbitrary code, according to the alert.
Philips told Healthcare Info Security that it hasn't received any reports of "exploitation of these vulnerabilities or incidents from clinical use that we have been able to associate with this problem, and no public exploits are known to exist that specifically target these vulnerabilities."
A separate alert was issued two days later, on Aug. 16, for Philips' PageWriter Cardiographs products, which are used for diagnostic electrocardiogram testing. According to the alert, hackers could exploit improper input validation and use of hard coded credentials to "allow buffer overflows, or allow an attacker to access and modify settings on the device."