Philips reported its IntelliBridge Enterprise system has a potential low-severity vulnerability and issued an advisory for the system.
Four things to know:
1. The company's advisory states that Philips IntelliBridge Enterprise software has unencrypted user credentials stored in transaction logs. The vulnerability affects the Versions B.12 and prior.
2. The vulnerability would allow existing administrators or high-privileged system users access to credentials for the hospital's clinical information systems. IntelliBridge Enterprise provides HL7 interface interoperability between Philips products and hospitals' clinical information systems or EHRs.
3. The issue requires a high skill level to exploit, and Philips said it has not received reports that the vulnerability has been exploited.
4. Philips said it plans a new release by the end of 2020 that remediates the issue by not logging the plain text user credentials in the log file.In the meantime, Philips recommends that transaction logs be made only accessible with administrative privileges.