Philips reported a possible security vulnerability with its DreamMapper software.
The company issued an advisory July 30 regarding the medium-severity vulnerability, which affects Versions 2.24x and prior. The DreamMapper software is a personalized therapy adherence tool for sleep apnea patients but the vulnerability does not impact patient safety.
The issue would require a low skill level to exploit, which would allow unauthorized access to log file information containing descriptive error messages. The company has not received any reports that the vulnerability has been exploited to date.
Philips is planning a new DreamMapper release for June 30, 2021, to remediate the vulnerability.