Earlier today the DHS ICS-CERT published their first
advisory for a specific vulnerability for a medical application, the Philips
Xper application. The heap-based buffer overflow vulnerability was reported by
Billy Rios in a coordinated disclosure.
ICS-CERT reports that a moderately skilled attacker could
remotely exploit this vulnerability and execute arbitrary code on the affected
device. According to the Philips
web site, the Xper application is used in a variety of medical monitoring,
diagnostic and medical work-flow devices.
Philips has produced an update for XperConnect that Billy
Rios has confirmed mitigates the reported vulnerability.
If past history is any guide (and I certainly expect it to
be) then this will be just the first of many medical device or application
advisories that will be published by ICS-CERT.