
Please find our Security Advisories here

Security Advisories

Philips IntelliSpace Cardiovascular (ISCV) (2025 March 13)

Publication Date: 2025 March 13

Update Date: 2025 March 13

 

In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding potential vulnerabilities related to Philips IntelliSpace Cardiovascular (ISCV) versions 4.1 and prior and versions 5.1 and prior.

 

Under specific conditions, the potential security vulnerabilities identified by an external security researcher and validated by Philips could allow an attacker to replay the session of the logged in ISCV user and gain access to patient records.


To date, Philips has not received any reports of patient harm, exploitation of these issues or incidents from clinical use that we have been able to associate with these issues.

 

Philips recommends the following mitigations:

  • CVE-2025-2229: Resolved in ISCV 4.2 build 20589, which was released in May 2019.
  • CVE-2025-2230: Resolved in ISCV 5.2, which was released in September 2020.
  • Philips recommends users upgrade the ISCV installed base to the latest ISCV version (at the time of this publication, 830089 – IntelliSpace Cardiovascular 8.0.0.0).
  • Please contact a local Philips sales (service) representative to learn how to engage this upgrade process.
  • For managed services users, new releases will be made available upon resource availability. Releases are subject to country-specific regulations.

 

Philips has reported this vulnerability publicly and to the appropriate government agencies, including the U.S. Cybersecurity and Infrastructure Security Agency (CISA), which is issuing an advisory.

 

CISA website: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-072-01

 

 

Philips DICOM viewer (2025 February 26)

Publication Date: 2025 February 26

Update Date: 2025 February 26

 

Philips is aware of security researcher reports that a known hacker group is distributing malware disguised as Philips medical imaging viewer software (also known as DICOM viewer) to unsuspecting users via unauthorized sites and methods, including phishing techniques.

 

Philips DICOM viewer that is provided by or downloaded from authorized Philips sources – as required – is not affected by this issue and continues to be safe for use. This reported malware campaign does not originate with Philips products or services. Philips DICOM viewer from legitimate sources has not been exploited, and this is not a security vulnerability with the product itself.

 

Customers with questions about this issue may contact the Philips Product Security team at: productsecurity@philips.com

 

jQuery Advisory (CVE-2020-11023) (2025 February 21)

Publication Date: 2025 February 21

Update Date: 2025 February 25

 

Philips is currently monitoring developments and updates related to a critical vulnerability (CVE-2020-11023) which was first disclosed by jQuery in 2020 and was recently included in CISA’s Known Exploited Vulnerabilities Catalogue.

 

Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.

 

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

 

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.

 

Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted by the jQuery vulnerability. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.

867113 - Focal Point v2.1 & prior

839001 - Vue PACS 12.2 [2]

866183 - IntelliBridge Enterprise (IBE 2.0, B.09, B.10, B.12) [1]

Vue Patient Center v1.0.25.0 (China Market Only)

866009 - IntelliVue Guardian Software E.00 & E.01

Vue RIS Web v2.1.28.0 (China Market Only)

867173 - VitalSky 2.4.0

For all above products Philips is evaluating the best possible mitigations. Specific mitigations are listed below:

[1] Product versions listed above have reached End of Life and End of Support. Philips recommends upgrading to the latest version of IntelliBridge Enterprise (IBE) to mitigate this vulnerability.

[2] Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure. Please contact your local service support team.

 

Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities, and customers are advised not to disconnect the PRS, as doing so may hinder Philips’s service teams in providing any required immediate and proactive support, such as remote patching.

Ivanti Endpoint Manager Advisory (Multiple CVEs) (2025 February 21)

Publication Date: 2025 February 21

Update Date: 2025 February 21

 

Philips is currently monitoring developments and updates related to multiple critical vulnerabilities discovered within Ivanti Endpoint Manager (EPM): CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159. Ivanti has released updates for Ivanti Endpoint Manager (EPM) that address these critical vulnerabilities.

 

Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.

 

At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.

 

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

 

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.

 

Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities, and customers are advised not to disconnect the PRS, as doing so may hinder Philips’s service teams in providing any required immediate and proactive support, such as remote patching.

Veeam Advisory (CVE-2025-23114) (2025 February 14)

Publication Date: 2025 February 14

Update Date: 2025 February 14

 

Philips is currently monitoring developments and updates related to a critical vulnerability (CVE-2025-23114) disclosed by Veeam, a backup and disaster recovery software company. This critical vulnerability, if exploited, could allow an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on an affected appliance server with root-level permissions.

 

Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.

 

At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.

 

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

 

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.

 

Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities, and customers are advised not to disconnect the PRS, as doing so may hinder Philips’s service teams in providing any required immediate and proactive support, such as remote patching.

7-Zip Advisory (CVE-2024-11477 & CVE-2025-0411) (2025 January 28)

Publication Date: 2025 January 28

Update Date: 2025 January 29

 

Philips is currently monitoring developments and updates related to two vulnerabilities (CVE-2024-11477 and CVE-2025-0411) within 7-Zip, a widely used open-source file archiving software. These critical vulnerabilities, if exploited, could allow remote attackers to execute malicious code on a victim’s system.

 

Philips’ teams are continuously evaluating Philips’ products and solutions for potential impacts from vulnerabilities and validating actions, as part of the company’s product security policy and protocols.

 

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

 

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. Customers (contract-entitled or otherwise) who still have questions are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.

 

Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted by 7-Zip’s vulnerabilities. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.

866389/867141 – PICix [1]

[1] Information or patch available on InCenter.

 

Note: For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against these vulnerabilities, and customers are advised not to disconnect the PRS, as doing so may hinder Philips’s service teams in providing any required immediate and proactive support, such as remote patching.

Philips manufactures, sells and helps you maintain highly complex medical devices and systems. Per policy, only Philips authorized changes are allowed to be made to these systems, either by Philips personnel or under Philips explicit published direction.


Please contact your Philips service representative for specific information about potential vulnerabilities and the availability of patches for your equipment configuration.

Customers with specific questions regarding any security advisory or their Philips products are asked to send an e-mail to productsecurity@philips.com, contact their Philips Service Representative or contact their regional Philips Service Support.

 

Any media inquiries should be directed to:


Mario Fante, mario.fante@philips.com
or (outside N. America):
Steve Klink, steve.klink@philips.com
