Friday, October 4, 2013

ICS-CERT Publishes Medical Product Advisory

Earlier today the DHS ICS-CERT published their first advisory for a specific vulnerability for a medical application, the Philips Xper application. The heap-based buffer overflow vulnerability was reported by Billy Rios in a coordinated disclosure.

ICS-CERT reports that a moderately skilled attacker could remotely exploit this vulnerability and execute arbitrary code on the affected device. According to the Philips web site, the Xper application is used in a variety of medical monitoring, diagnostic and medical work-flow devices.

Philips has produced an update for XperConnect that Billy Rios has confirmed mitigates the reported vulnerability.

If past history is any guide (and I certainly expect it to be) then this will be just the first of many medical device or application advisories that will be published by ICS-CERT.
