Today the DHS NCCIC-ICS published a medical device security
advisory for products from Philips. They also updated a previously published medical
device security advisory for products from Roche.
Philips Advisory
This advisory
describes a weak password requirement vulnerability in the Philips iSite and
IntelliSpace PACS. The vulnerability was reported by a customer. Philips
reports existing generic mitigation measures should take care of any problems
with this vulnerability.
NCCIC-ICS reports that a relatively low-skilled attacker
with uncharacterized access to the system could exploit the vulnerability to allow
an attacker to compromise a component of the system.
Roche Update
This update
provides additional information on an advisory that was originally
published on November 6th, 2018. The update changes the way that
the advisory reports affected version numbers of the products and corrects the
location of the corporate headquarters.
Posts
No comments:
Post a Comment