Thursday, November 8, 2018

One Advisory and One Update Published

Today the DHS NCCIC-ICS published a medical device security advisory for products from Philips. They also updated a previously published medical device security advisory for products from Roche.

Philips Advisory

This advisory describes a weak password requirement vulnerability in the Philips iSite and IntelliSpace PACS. The vulnerability was reported by a customer. Philips reports existing generic mitigation measures should take care of any problems with this vulnerability.

NCCIC-ICS reports that a relatively low-skilled attacker with uncharacterized access to the system could exploit the vulnerability to allow an attacker to compromise a component of the system.

Roche Update

This update provides additional information on an advisory that was originally published on November 6th, 2018. The update changes the way that the advisory reports affected version numbers of the products and corrects the location of the corporate headquarters.

No comments:

/* Use this with templates/template-twocol.html */