Please find our Security Advisories here

Security Advisories

Cisco ASA and FTD Advisory (CVE-2023-20269) (2023 September 14)

Publication Date: 2023 September 14

Update Date: 2023 September 14

Philips is currently monitoring developments and updates related to a recently released Cisco Networks zero-day vulnerability in the remote access VPN feature its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) (CVE-2023-20269). Successful exploitation of this vulnerability could allow unauthorized remote attackers to conduct brute force attacks against existing accounts. By accessing those accounts, the attackers can establish a clientless SSL VPN session in the breached organization's network, which can have varying repercussions depending on the victim's network configuration.

As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions for potential impacts from this reported vulnerability and validating actions.

At this time, no Philips products are known to be impacted. In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips’s policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation will be produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal.

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. If customers still have questions, all customers (contract-entitled or otherwise) are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips’ products.

Juniper Networks Junos OS Advisory (CVE-2023-4481) (2023 September 1)

Publication Date: 2023 September 1

Update Date: 2023 September 1

Philips is currently monitoring developments and updates related to a recently released Juniper Networks security bulletin concerning a critical vulnerability (CVE-2023-4481) impacting the Junos and Junos Evolved operating systems. Successful exploitation of this vulnerability could allow an attacker to cause a denial of service (DoS).

If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation will be produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal.

Citrix NetScaler ADC and Gateway (CVE-2023-3466, 2023-3467, 2023-3519) (2023 July 24)

Publication Date: 2023 July 24

Update Date: 2023 July 24

Philips is currently monitoring developments and updates related to three vulnerabilities discovered in Citrix ADC and Gateway (CVE-2023-3466, CVE-2023-3467, CVE-2023-3519). Applicable products include Citrix NetScaler ADC and NetScaler Gateway.

CVE-2023-3466 references a Reflected Cross-Site Scripting (XSS) vulnerability.

CVE-2023-3467 references a Privilege Escalation to root administrator (nsroot) vulnerability.

CVE-2023-3519 references an Unauthenticated remote code execution vulnerability.

These vulnerabilities affect the following supported versions of NetScaler ADC and NetScaler Gateway:

NetScaler ADC and NetScaler Gateway 13.1 before 13.1-49.13
NetScaler ADC and NetScaler Gateway 13.0 before 13.0-91.13
NetScaler ADC 13.1-FIPS before 13.1-37.159
NetScaler ADC 12.1-FIPS before 12.1-55.297
NetScaler ADC 12.1-NDcPP before 12.1-55.297

Note:

For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against this vulnerability and customers are advised not to disconnect the PRS as it may impact Philips’s service teams from providing any required immediate and proactive support such as remote patching.

Microsoft Windows SmartScreen Security Feature Bypass Advisory (CVE-2023-32049) (2023 July 13)

Publication Date: 2023 July 13

Update Date: 2023 July 13

Philips is currently monitoring developments and updates related to a vulnerability (CVE-2023-32049) within Microsoft Windows SmartScreen, an early warning system designed to protect against malicious websites used for phishing attacks or malware distribution.

This flaw was discovered internally by the Microsoft Threat Intelligence Center and a patch for this vulnerability is now available as part of Microsoft’s July security update.

Progress Software MOVEit Advisory (Multiple CVE's) (2023 July 12)

Publication Date: 2023 July 12

Update Date: 2023 July 17

Philips is currently monitoring developments and updates related to a recently released Progress Software Corporation security bulletin concerning three vulnerabilities (CVE-2023-36932, CVE-2023-36933 and CVE-2023-36934) impacting the MOVEit Secure managed file transfer software. Successful exploitation of these vulnerabilities could allow an attacker to get access to sensitive information.

As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions for potential impacts from these reported vulnerabilities and validating actions.

Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.

Encore Anywhere – All Versions ¹

Care Orchestrator – All Versions ¹

For all above products Philips is evaluating the best possible mitigations.

¹ Product has been patched against this exploit.

Note:

Citrix ShareFile StorageZone (CVE-2023-24489) - (2023 June 23)

Publication Date: 2023 June 23

Update Date: 2023 June 23

Philips is currently monitoring developments and updates related to a vulnerability discovered in ShareFile Storage Zones Controller which could allow for remote code execution (CVE-2023-24489). Applicable products include Citrix ShareFile and Citrix Content Collaboration.

This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24. Successful exploitation of the most severe of these vulnerabilities could allow for remote compromise by the user. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Note:

MOVEit Transfer Zero-Day (CVE-2023-34362) - (2023 June 07)

Publication Date: 2023 June 7

Update Date: 2023 July 10

Philips is currently monitoring developments and updates related to an observed wide exploitation of a zero-day vulnerability in the MOVEit Transfer secure managed file transfer software for subsequent data theft. These vulnerabilities were announced by Progress Software Corporation and have been assigned CVE-2023-34362 and CVE-2023-35036.

According to open source information, beginning on May 27, 2023, CL0P Ransomware Gang, also known as TA505, began exploiting a previously unknown SQL injection vulnerability (CVE-2023-34362) in Progress Software's managed file transfer (MFT) solution known as MOVEit Transfer. Internet-facing MOVEit Transfer web applications were infected with a web shell named LEMURLOOT, which was then used to steal data from underlying MOVEit Transfer databases.

Encore Anywhere ¹

Care Orchestrator ¹

For all above products Philips is evaluating the best possible mitigations.

¹Product has been patched against this exploit.

Note:

Microsoft WinVerifyTrust Signature Validation Advisory (CVE-2013-3900) (2023 May 3)

Publication Date: 2023 May 3

Update Date: 2023 May 10

Philips is currently monitoring developments and updates related to a vulnerability (CVE-2013-3900) within the WinVerifyTrust Signature Validation, which allows attackers to exploit the padding of a Windows Authenticode signature to gain control of a system.

Microsoft first released this vulnerability in December 2013 and has recently republished guidance and applicability of this vulnerability on modern operating systems like Windows 10 & 11.

Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted by this vulnerability. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.

866435 – Care Event¹	866458/867061 - IntelliSpace Perinatal ¹	867019 – IntelliVue XDS¹
Data Warehouse Connect ¹	866009 - IntelliVue Guardian Software ¹	866389 - PICix (All Versions) ¹

For all above products Philips is evaluating the best possible mitigations.

¹ Software only products with customer owned Operating Systems.

Note:

Microsoft Windows Common Log File System (CLFS) Advisory (CVE-2023-28252) (2023 April 17)

Publication Date: 2023 April 17

Update Date: 2023 April 24

Philips is currently monitoring developments and updates related to a Microsoft Zero-Day vulnerabilityin the Windows Common Log File System (CLFS) CVE-2023-28252. This vulnerability is being actively exploited by cybercriminals to escalate privileges and deploy ransomware payloads. This vulnerability can lead an attacker to gain elevated privileges up to SYSTEM user with little effort.

Microsoft has already released a patch for this vulnerability as part of their April security update.

As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Microsoft Operating Systems for potential impacts from this reported vulnerability and validating actions.

Philips is providing the list below to better assist our customers in identifying any Philips’ products that could be impacted by Microsoft’s vulnerabilities. To the best of our knowledge, the list is complete, and products not listed should be considered not impacted. Philips reserves the right to update the list as necessary if additional products are identified.

867173 - VitalSky ¹	866389 - PICix (All Versions) ¹	866435 – Care Event ¹
Data Warehouse Connect ¹	863352 – Efficia Central CMS200 ²	881001/881030 – IntelliSpace Portal ¹
837507 - IntelliSpace PACS ²	881050 - ISP Enterprise ¹	839001 – Vue PACS – VuePortal – VueCloud ²
Ambient Expérience ²	Diagnostic Site Server (DSS) ²

For all above products Philips is evaluating the best possible mitigations.

¹Software only products with customer owned Operating Systems.

² Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure. Please contact your local service support team.

Note:

Microsoft Protected Extensible Authentication Protocol (PEAP) Advisory (CVE-2023-21701) (2023 March 29)

Publication Date: 2023 March 29

Update Date: 2023 April 17

Philips is currently monitoring developments and updates related to a vulnerability (CVE-2023-21701) within the Protected Extensible Authentication Protocol (PEAP), an authentication protocol used in wireless networks and Point-to-point connections. Successful exploitation of this vulnerability could allow a remote attacker to cause a denial of service condition.

Microsoft has already released a patch for this vulnerability as part of their February security update.

Capsule Neurons

Note:

Microsoft TPM 2.0 Advisory (CVE-2023-1017) & (CVE-2023-1018) (2023 March 24)

Publication Date: 2023 March 24

Update Date: 2023 March 24

Philips is currently monitoring developments and updates related to two vulnerabilities within TPM2.0's Module Library of Microsoft Windows Operating System (CVE-2023-1017) & (CVE-2023-1018). Successful exploitation of CVE-2023-1017 can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. Successful exploitation of CVE-2023-1018 can allow an attacker to read or access sensitive data stored in the TPM.

Microsoft has already released a patch for these vulnerabilities as part of their March security update.

867173 - VitalSky ¹	866389 - PICix (All Versions) ¹	866435 – Care Event ¹
Data Warehouse Connect ¹	Monitoring as a Service (eMaas) ²	881001/881030 – IntelliSpace Portal ¹

For all above products Philips is evaluating the best possible mitigations.

¹ Software only products with customer owned Operating Systems.

² Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure. Please contact your local service support team.

Note:

Microsoft Remote Procedure Call (RPC) Advisory (CVE-2023-2178) & (CVE-2023-23405) (2023 March 22)

Publication Date: 2023 March 22

Update Date: 2023 April 25

Philips is currently monitoring developments and updates related to two critical Remote Code Execution vulnerabilities (CVE-2023-21708) & (CVE-2023-23405) within the Remote Procedure Call Runtime library of Microsoft Windows Operating System. Successful exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to take control of the system.

Microsoft has already released a patch for these vulnerabilities as part of their March security update.

866435 - CareEvent (B.x/C.x) ^1,3	837507 - IntelliSpace PACS ²	784001 – UroNav (3.0, 4.1)
Capsule Neurons	866389 - PICix (All Versions) ^1,3
Data Warehouse Connect ^1,3	836240 - Universal Data Manager ²

For all above products Philips is evaluating the best possible mitigations.

¹ Software only products with customer owned Operating Systems.

² Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure. Please contact your local service support team.

³ Information or patch available on Incenter. Please contact your local service support team.

Note:

CISA/FBI Ransomware Cybersecurity Advisory (2023 February 15)

Publication Date: 2023 February 15

Update Date: 2023 February 15

Philips is aware of the recent joint CISA, FBI, and HHS Cybersecurity Advisory (CSA) warning healthcare facilities of the risks associated with Ransomware attacks funding Democratic People’s Republic of Korea (DPRK) espionage activities.

This Alert (AA23-040A) highlights the fact that there has been an increase in the number of ransomware attacks that are being used to fund DPRK espionage activities targeting the Healthcare Industry. This CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and various ransomware threat actors. Philips encourages all customers to visit stopransomware.gov to see all #StopRansomware advisories and to learn about other ransomware threats and no-cost resources.

For more information, see: #StopRansomware: Ransomware Attacks on Critical Infrastructure Fund DPRK Malicious Cyber Activities | CISA

If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation will be produced by Philips’s product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal.

Note:

VMware ESXi OpenSLP Ransomware Attacks (CVE-2021-21974) - (2023 February 06)

Publication Date: 2023 February 06

Update Date: 2023 February 10

Philips is aware and is currently monitoring developments and updates related to the recent Ransomware attacks in Europe, exploiting a heap-overflow vulnerability (CVE-2021-21974) within the OpenSLP service found on VMware’s ESXi Hypervisors.

860426 - IntelliSpace ECG Management System (IECG) ¹	837507 – IntelliSpace PACS ²	Trace Master Vue 3.6 ¹
836240 - Universal Data Manager ² (UDM)

For all above products Philips is evaluating the best possible mitigations. Specific mitigations are listed below:

¹ Software only products with customer owned operating systems.

² For impacted customers, Philips is in the process of validating and deploying the patch to the managed infrastructure

Note:

Apache Commons Text Advisory (CVE-2022-42889) -Text4Shell (2023 February 06)

Publication Date: 2023 February 06

Update Date: 2023 February 09

Philips is currently monitoring developments and updates related to the recently released Apache Commons Text advisory concerning a critical vulnerability(CVE-2022-42889) impacting Apache Commons Text Library versions 1.5 through 1.9.

In accordance with Philips’ Global Security Policy, Philips continues to analyze the matter, and further information will be posted on the Philips Product Security Advisory page as appropriate.

Apple Security Update - (2023 February 06)

Publication Date: 2023 February 06

Update Date: 2023 February 06

Philips is currently monitoring developments and updates related to the recently released Apple security update that addresses several vulnerabilities in multiple products. Successful exploitation of these vulnerabilities could allow an attacker to take control of the affected device.

JSON Web Token Advisory (CVE-2022-23529) - (2023 January 17)

Publication Date: 2023 January 17

Update Date: 2023 January 17

Philips is currently monitoring developments and updates related to the recently released critical security vulnerability (CVE-2022-23529) within JSON web token, an open-source JavaScript package that is used for authentication, authorization and for securely exchanging data.

Successful exploitation of this vulnerability could allow an attacker to perform a remote code execution attack. The latest version of JSON web token (9.0.0) is recommended as it includes a fix for the above-mentioned vulnerability.

Linux Kernel ksmbd Use-After-Free Remote Code Execution Vulnerability - (2023 January 11)

Publication Date: 2023 January 11

Update Date: 2023 January 11

Philips is currently monitoring developments and updates related to the recent security zero-day vulnerability released by Linux.

Linux has released security updates to address a zero-day kernel vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable.

Philips manufactures, sells and helps you maintain highly complex medical devices and systems. Per policy, only Philips authorized changes are allowed to be made to these systems, either by Philips personnel or under Philips explicit published direction.

Please contact your Philips service representative for specific information about potential vulnerabilities and the availability of patches for your equipment configuration.

Customers with specific questions regarding any security advisory or their Philips products are asked to send an e-mail to productsecurity@philips.com, contact their Philips Service Representative or contact their regional Philips Service Support.

Any media inquiries should be directed to:

Mario Fante, mario.fante@philips.com
or (outside N. America):
Steve Klink, steve.klink@philips.com