Security News > 2020 > September > Flaws in Philips Patient Monitoring Products Can Lead to Patient Data Exposure
Multiple vulnerabilities identified in Philips patient monitoring solutions could provide attackers with unauthorized access to patient data.
"Successful exploitation of these vulnerabilities could result in unauthorized access, interrupted monitoring, and collection of access information and/or patient data," CISA says.
The security flaws, which were identified by researchers with ERNW as part of a larger project supervised by Germany's Federal Office for Information Security, affect IntelliVue Patient Monitor systems, Patient Information Center iX software, and PerformanceBridge Focal Point, which powers remote enablement.
The discovered bugs have been described as improper neutralization of formula elements in a CSV file, cross-site scripting, improper authentication, improper check for certificate revocation, improper handling of length parameter inconsistency, improper validation of syntactic correctness of input, improper input validation, and exposure of resources to the wrong control sphere.
The company also explains that an attacker looking to exploit the flaws requires either "Physical access to surveillance stations and patient monitors or access to the medical device network."