Certain versions of Philips’ IntelliSpace Cardiovascular cardiac image and information management software include vulnerabilities involving “improper privilege management” and “unquoted search path or element.” Hackers with local access and user privileges on the service can exploit the vulnerabilities to execute arbitrary code, according to the alert.
Philips told Healthcare Info Security that it hasn’t received any reports of “exploitation of these vulnerabilities or incidents from clinical use that we have been able to associate with this problem, and no public exploits are known to exist that specifically target these vulnerabilities.”
A separate alert was issued two days later, on Aug. 16, for Philips’ PageWriter Cardiographs products, which are used for diagnostic electrocardiogram testing. According to the alert, hackers could exploit improper input validation and use of hard coded credentials to “allow buffer overflows, or allow an attacker to access and modify settings on the device.”
More articles on cybersecurity:
Intel finds another major security flaw in its microchips
HIPAA through the years: 5 biggest fines since 2008
Urgent care provider notifies 13K to data breach