Please find our Security Advisories here

Security Advisories

SolarWinds Serv-U Remote Memory Escape Vulnerability CVE-2021-35211 (2021 July 13)

Publication Date: 2021 July 13

Update Date: 2021 July 13

Philips is currently monitoring developments related to recent reports of a security vulnerability affecting the SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP. According to SolarWinds, the vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor who successfully exploits this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system.

Our global security teams are analyzing updates from SolarWinds, in the event that this issue may potentially be related to known security vulnerabilities. CVE-2021-35211 was assigned to Serv-U Remote Memory Escape Vulnerability.

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our solutions. The company is a recognized leader in health technology cybersecurity. As part of the global Philips Product Security Policy, the company conducts extensive, ongoing analysis of our solutions, often in collaboration with customers, researchers, and government agencies.

To date, Philips’s review has not identified products affected by the Solarwinds software vulnerabilities. Philips does not utilize Solarwinds in an external facing capacity when servicing or monitoring medical devices through Philips Remote Service Network (RSN/PRS). Our review and analysis is ongoing.

Kaseya VSA Supply-Chain Ransomware Attack (2021 July 5)

Publication Date: 2021 July 5

Update Date: 2021 July 5

Philips is aware and currently monitoring supply chain attack affecting Kaseya VSA, a remote management and network monitoring product. We are aware of the attack, which has been leveraged to deploy ransomware to networks which utilize Kaseya VSA. The variant of ransomware deployed is REvil/Sodinokibi. Preliminary details about the activity suggest that VSA admin accounts are disabled shortly before ransomware is deployed.

Philips is not leveraging Kaseya VSA in its Remote Service access (PRS) to our customers and until now no products have been identified leveraging this technology. We continue to evaluate all our products and if we identify any products or services affected we will publish this here.

As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Microsoft Operating Systems for potential impacts from these reported vulnerability and validating actions. Philips is also monitoring for OS updates related to this vulnerability and evaluating further possible actions as needed.

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation is produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. If customers still have questions, all customers (contract-entitled or otherwise) are encouraged to contact their local service support team or regional product service support as appropriate for up to date information specific to their Philips’ products.

Microsoft Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527) – PrintNightmare (2 July 2021)

Publication Date: 2021 July 2

Update Date: 2021 July 12

Philips is currently monitoring developments and updates related to the recent Microsoft alert, providing guidance for a Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527). We are aware of a public report, known as “PrintNightmare”. The vulnerability impacts computers running the Print Spooler service on Windows client and server versions starting with Windows 7 and higher.

According to Microsoft, the vulnerability can be exploited as an authenticated user calling RpcAddPrinterDriverEx(). An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Microsoft Operating Systems for potential impacts from this reported vulnerability and validating actions. Philips is also monitoring for OS updates related to this vulnerability and evaluating further possible actions as needed.

If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation is produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

Begin Update A: 2021 July 12

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products that could be vulnerable to CVE-2021-34527. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

Product	Product	Product
ACSYS Gateway & ACSYS-ER (1)	IntelliSpace Breast	PIC iX (B.0x, C.0x)
CareEvent	IntelliSpace Cardiovascular (ISCV) (1)	Pinnacle 18.x
CDE (1)	IntelliSpace Critical Care and Anesthesia (ICCA)	RIS (1)
Data Warehouse Connect	IntelliSpace ECG Management System (ECG) (1)	SensaVue HD and fMRI
Diagnostic Site Server (DSS) (5)	IntelliSpace Perinatal (OBTV) (1)	SPARSH (SPM + PA) (1)
Dosewise Portal (1)	InteliSpace Portal Server (ISP) (1)	SPhAERA (3.x, 4.x, 5.x)
DynaCAD Breast and Prostate (1)	IntelliSpace Portal Workstation (1)	ST80i A.02 (1)
DynaSuite Neuro 3 (1)	IntelliVue Guardian Software (1)	SyncVision
eICU eCare Manager & eSearch (1)	IntelliVue XDS (1)	UroNav (1.x, 2.x, 3)
eTriage (1)	IntraSight	Vi-Pros (1)
e-Whiteboard (1)	ISEE	Volcano ComboMap System
Forcare Suite (1) (3)	i-Report (1)	Volcano Core Imaging System
Holter Recorder DigiTrak XT (DTXT) (1)	Lung Cancer Screening (1)	Volcano Core Mobile Imaging System
Image Management (1)	Multi-Patient Bridge (MPB) (1)	VSS Dashboard (1)
InGent RIS (1)	ORSYS (1)	Xper IM 1.5;2.x-5.x (1)
Intellibridge Enterprise (IBE) (1)	Performance Bridge (1)	Xcelera 4.1 (1)

(1) Software only products with customer owned Operating Systems. For these products, Philips does not validate security patches, it is the customer responsibility to validate and deploy patches.

(2) Information or patch available in Incenter

(3) Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure

(4) In case of valid service level agreement, Philips is in the process of validating and deploying the patch on the Philips provided infrastructure.

(5) Product is configured to automatically download patches

Note:

For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against this vulnerability and customers are advised not to disconnect the PRS as it may impact Philips service teams from providing any required immediate and proactive support such as remote patching.

End Update A

Philips Vue PACS (2021 June 28)

Publication Date: 2021 June 29

Update Date: 2021 July 6

Philips is a committed leader in medical device cybersecurity. As part of our global Product Security Policy, the company conducts extensive, ongoing analysis of our products, often in collaboration with customers and researchers, to identify and address potential vulnerabilities.

In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding potential issues related to the certain versions Philips Vue PACS (Picture Archiving and Communications System) software and related products:

Vue PACS versions 12.2.x.x and prior
Vue MyVue versions 12.2.x.x and prior
Vue Speech versions 12.2.x.x and prior
Vue Motion versions 12.2.1.5 and prior

Philips has identified potential security vulnerabilities that under specific conditions could impact or potentially compromise patient confidentiality, system integrity, and/or system availability. To minimize the potential risk of these vulnerabilities, Philips recommends that users upgrade to the latest Philips Vue PACS software running on Windows Operating System 2019 and enabling security patching procedures for timely security updates.

Philips’ analysis has shown that these issues require a range of low skill to high skill to exploit. In this event, unauthorized users may be able to provide unexpected input into the application, execute arbitrary code, alter the intended control flow of the
system, access sensitive information, or potentially cause a system crash.

Philips has identified that some of the affected vulnerabilities could be attacked remotely. Exploits that could target some of the vulnerabilities are known to be publicly available.

To date, Philips has not received any reports of exploitation of these issues or of incidents from clinical use that we have been able to associate with this issue. It is unlikely that this potential vulnerability would impact clinical use. Philips released software updates and has controlling mitigations on the affected software to limit the risk and exploitability of most of these vulnerabilities.

Philips has reported these potential vulnerabilities and its resolution to the appropriate government agencies, including the U.S. Cybersecurity Infrastructure and Security Agency (CISA), which is issuing an advisory.

Philips also sent a letter to all its customers, user with questions regarding their specific Vue PACS solutions are advised by Philips to contact their local Philips service support team.

Cybersecurity & Infrastructure Security Agency (CISA) Advisory: https://us-cert.cisa.gov/ics/advisories/icsma-21-187-01

Philips Interoperability Solutions XDS (2021 June 24)

Publication Date: 2021 June 24

Update Date: 2021 June 24

In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding a potential issue related to the certain versions of Philips Interoperability Solutions XDS (Software Versions 2.5 to 3.11 and 2018-1 to 2021-1).

Philips has identified a potential low-severity security vulnerability that requires a high skill level to exploit, and for which there are no known public exploits available. A highly motivated attacker can read the Lightweight Directory Access Protocol (LDAP) system credentials by gaining access to the network channel being used for communication. Should this occur, clear text transmission of sensitive information risk applies to configurations which are configured to use LDAP via Transport Layer Security (TLS).

To minimize the potential risk of these vulnerabilities, Philips has identified the following guidance and mitigations:

Administrators should disable LDAP referrals on their LDAP servers if LDAP via TLS is used.
Administrators should configure their LDAP servers to include a complete structure to search.

The Philips software is not be used for clinical use nor rated as a medical device; therefore, this potential vulnerability would not impact patient safety.

Philips has reported this potential vulnerability and its mitigation to customers and the appropriate government agencies, including the U.S. Cybersecurity Infrastructure and Security Agency (CISA), which is issuing an advisory.

Users with questions regarding their specific Interoperability Solutions XDS installations are advised by Philips to contact their local Philips service support team. Philips contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions or call 1-800-722-9377

Publication on Cybersecurity & Infrastructure Security Agency (CISA) website: https://us-cert.cisa.gov/ics/advisories/icsma-21-175-01

VMware Advisory CVE-2021-21985 and CVE-2021-21986 (2021 May 26)

Publication Date: 2021 May 26

Update Date: 2021 May 28

Philips continues to review developments related to recently reported VMware vCenter Server and VMware Cloud Foundation critical and medium rated vulnerabilities (CVE-2021-21985 & CVE-2021-21986). According to VMware advisory VMSA-2021-0010 these VMware vCenter Server updates address remote code execution and authentication vulnerabilities.

Following evaluation of the reported VMWare vulnerabilities, Philips has identified a limited number of products that contain affected VMWare software. Philips analysis has determined that the majority of these products are not affected by the reported vulnerability.

For products potentially affected by the VMWare vulnerability, Philips has determined that if affected VMWare software is updated the most recent versions containing the security upgrade, the reported vulnerabilities are mitigated. Philips does not provide or maintain VMware for customers using these products and advises customers to assess their VMware environment to determine if a software update/upgrade is necessary.

Affected Philips systems are safe for continued operation consistent with their Instructions for Use. To date, Philips has not received any reports of exploitation of these issues or of incidents from clinical use that we have been able to associate with this issue.

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips-approved product specifications.

Begin Update A: 2021 May 28

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products running on VMware vCenter Server and VMware Cloud Foundation that could be vulnerable to CVE-2021-21985 or CVE-2021-21986. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

CareEvent C.0x*	IntelliSpace PACS 4.4, 4.4.551, 4.4.553***	Patient Information Center (PIC) iX B.0x/C.0x*
Clinical Collaboration Platform (registered as VuePACS)*	IntelliSpace Portal Server and IntelliSpace Portal Enterprise*	PerformanceBridge Focal Point A.0x*
eCareManger 4.2.x/4.3.x/4.4.x/4.5.x*	IntelliSpace Portal Enterprise (Concerto) solution with hardware and VM/vSphere infrastructure supplied by Philips*,**	Pinnacle 18.x***
IntelliSite Pathology Solution	IntelliVue Guardian Software (IGS) E.0x*	RIS (formally known as Vue)*
IntelliSpace Critical Care and Anethesia (ICCA) H.02/J.01*	Multi-patient Bridge 1.0.x/2.0.x*	UDM 1.1, 2.1

*Software only product, customers may have installed these products on VMware. For these products, Philips does not validate VMware security patches. It is the customer responsibility to validate and deploy VMware patches.

**Information or patch available in Incenter

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure

****In case of valid service level agreement, Philips is in the process of validating and deploying the patch on the Philips provided infrastructure. In case there is no valid service level agreement, please contact your local Philips IntelliSpace Portal representative.

End Update A

Conti Ransomware Advisory (2021 May 24)

Publication Date: 2021 May 20

Update Date: 2021 May 24

Philips is currently monitoring developments and updates related to the Federal Bureau of Investigation (FBI) (CP-000147-MW). The FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year. These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S. Like most ransomware variants, Conti typically steals victims’ files and encrypts the servers and workstations in an effort to force a ransom payment from the victim. The ransom letter instructs victims to contact the actors through an online portal to complete the transaction. If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors. Ransom amounts vary widely and we assess are tailored to the victim. Recent ransom demands have been as high as $25 million.

Conti actors gain unauthorized access to victim networks through weaponized malicious email links, attachments, or stolen Remote Desktop Protocol (RDP) credentials. Conti actors use remote access tools, which most often beacon to domestic and international virtual private server (VPS) infrastructure over ports 80, 443, 8080, and 8443. Additionally, actors may use port 53 for persistence. Large HTTPS transfers go to cloud-based data storage providers MegaNZ and pCloud servers. Other indicators of Conti activity include the appearance of new accounts and tools—particularly Sysinternals—which were not installed by the organization, as well as disabled endpoint detection and constant HTTP and domain name system (DNS) beacons, and disabled endpoint detection.

Begin Update A: 24 May 2021

At this time, no Philips products or solutions are impacted. If we become aware of an affected product or solution, we will post that information here.

For customers who utilize the Remote Services Network (RSN, PRS), all Philips RSN systems are protected against this vulnerability and customers are advised not to disconnect the PRS as it may impact Philips service teams from providing any required immediate and proactive support such as remote patching.

End Update A

BadAlloc RTOS Advisory (2021 May 7)

Publication Date: 2021 May 7

Update Date: 2021 May 7

Philips is currently monitoring developments and updates related to the Cybersecurity & Infrastructure Security Agency (CISA) advisory (ICSA-21-119-04). We are aware of a public report, known as “BadAlloc” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries.

Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution. This critical vulnerability (CVSS v3 9.8) affects multiple RTOS vendors, most of whom already have a mitigation available.

Philips is currently reviewing the impact of this vulnerability on our products. Should we become aware of an affected product, we will post that information here.

Ivanti Pulse Connect Secure Advisory (2021 May 4)

Publication Date: 2021 May 4

Update Date: 2021 May 4

Philips is currently monitoring developments and updates related to the Cybersecurity & Infrastructure Security Agency (CISA) advisory (AA21-110A).

CISA partners have observed active exploitation of vulnerabilities in Ivanti’s Pulse Connect Secure products. Successful exploitation of these vulnerabilities allows an unauthenticated user to perform remote arbitrary code execution on the Pulse Connect Secure gateway. Ivanti has provided a mitigation and is in the process of developing a patch.

At this time, no Philips products are impacted. If we become aware of an affected product, we will post that information here.

NAME:WRECK Advisory (2021 April 15)

Publication Date: 2021 April 15

Update Date: 2021 April 30

Philips is currently monitoring developments and updates related to nine DNS vulnerabilities reported by cybersecurity researchers from Forescout and JSOF. The set of nine vulnerabilities, referred to as NAME:WRECK affect Domain Name System (DNS) implementations which affect at least four common TCP/IP stacks – FreeBSD, IPNet, NetX and Nucleus NET.

As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing DNS with affected TCP/IP stacks for potential impacts from these reported vulnerabilities and validating actions.

When a product does require security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation will be produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

Begin Update A: 2021 April 30

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to the NAME:WRECK vulnerabilities. However, the list below is not comprehensive and may be updated as necessary if more products are identified.

Airvibe	Jaguar	Polaris Robot Vacuum Cleaner
Comfort	Mario	Puma
Intellispace Perinatal (J.x)*	Microcube	SIMBA

*Software only products with customer owned Operating Systems

**Information or patch available in Incenter

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure

End Update A

Philips Gemini PET/CT Family systems (2021 March 25)

Publication Date: 2021 March 25

Update Date: 2021 March 25

In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding a very low-severity issue related to Philips Gemini PET/CT Family systems (CVSS v3 Score – 2.4 on a scale of 10).

This potential issue is related to storage of information in a file system or device without access control, specific to removable media. Should this issue be exploited, there is a possibility that sensitive information may be accessible by unauthorized parties. This potential vulnerability requires physical access to the removable media to exploit.

To date, Philips has not received any reports of exploitation of these issues or of incidents from clinical use that we have been able to associate with this issue.

Philips is reminding customers that users should operate all Philips deployed and supported Gemini PET/CT systems within Philips authorized specifications, including Philips approved software, software configuration, system services, and security configuration.

Customers with questions regarding their specific Philips Gemini PET/CT installations should contact their Philips support representative, visit the customer service solutions web site at https://www.usa.philips.com/healthcare/solutions/customer-service-solutions, or call 1-800-722-9377.

Publication on Cybersecurity & Infrastructure Security Agency (CISA) website: https://us-cert.cisa.gov/ics/advisories/icsma-21-084-01

F5 K02566623 Advisory (CVE-2021-22986, CVE-2021-22987, CVE-2021-22991, CVE-2021-22992 (2021 March 10)

Publication Date: 2021 March 10

Update Date: 2021 March 12

Philips is currently monitoring developments and updates related to the recent F5 alert concerning four critical CVEs, along with three related CVEs (two highs and one medium).

As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing F5 for potential impacts from these reported vulnerabilities and validating actions. F5 has released a patch to help remediate this vulnerability. Philips is currently in the process of validating the F5 patch and vendor recommended mitigation options. Once the F5 patch has been tested and validated by Philips with the impacted products, the patch will either be installed by Philips or made available for installation by customers, depending on contract details.

Begin Update A: March 12, 2020

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to CVE-2021-22986, CVE-2021-22987, CVE-2021-22991, CVE-2021-22992. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

Clinical Collaboration Platform ***

(formally called Vue PACS)

IS PACS (versions 3.6, 4.1, 4.4, 4.4.551, and 4.4.553***

Universal Data Manager (UDM) (versions 1.1, 2.1, and 3.1) ***

VueBeyond

*Software only products with customer owned Operating Systems

**Information or patch available in Incenter

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure

End Update A

Microsoft Exchange Server Advisory AA21-062A (2021 March 8)

Publication Date: 2021 March 8

Update Date: 2021 March 15

Philips is currently monitoring developments and updates related to the Cybersecurity & Infrastructure Security Agency (CISA) advisory (AA21-062A). CISA partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to credentials stored on that system.

Successful exploitation may additionally enable the attacker to compromise trust and identity in a vulnerable network. Microsoft released out-of-band patches to address vulnerabilities in Microsoft Exchange Server. The vulnerabilities impact on-premises Microsoft Exchange Servers and are not known to impact Exchange Online or Microsoft 365 (formerly O365) cloud email services.

At this time, no Philips products are impacted. If we become aware of an affected product, we will post that information here.

Accellion File Transfer Appliance Advisory AA21-055A (2021 February 24)

Publication Date: 2021 February 24

Update Date: 2021 March 3, 2021

Philips is currently monitoring developments and updates related to the recent exploitation of Accellion File Transfer Appliance (FTA) – AA21-055A. The joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States. Worldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors.

According to Accellion, this activity involves attackers leveraging four vulnerabilities to target FTA customers. Accellion FTA is a file transfer application that is used to share files. In mid-December 2020, Accellion was made aware of a zero-day vulnerability in Accellion FTA and released a patch on December 23, 2020.

Begin Update A: 2021 March 3

To date, Philips’s review has not identified products or solutions containing the Accellion file transfer vulnerabilities.

End Update A

VMware Advisory CVE-2021-21972, CVE-2021-2021-21973, CVE-2021-21974 (2021 February 23)

Publication Date: 2021 February 23

Update Date: 2021 March 15

Philips continues to review developments related to recently reported VMware ESXi and vCenter Server critically rated updates (CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974), related to multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5). At this time, VMWare has made software updates available to remediate these vulnerabilities in affected VMware products.

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips-approved product specifications.

Begin Update A: 2021 March 15

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products running on VMware ESXi and vCenter that could be vulnerable to CVE-2021-21972, CVE-2021-21973 or CVE-2021-21974. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

CareEvent C.0x*	IntelliSpace PACS 4.4, 4.4.551, 4.4.553***	Patient Information Center (PIC) iX B.0x/C.0x*
Clinical Collaboration Platform (registered as VuePACS)*	IntelliSpace Portal Server and IntelliSpace Portal Enterprise*	PerformanceBridge Focal Point A.0x*
eCareManger 4.2.x/4.3.x/4.4.x/4.5.x*	IntelliSpace Portal Enterprise (Concerto) solution with hardware and VM/vSphere infrastructure supplied by Philips*,**	Pinnacle 18.x***
IntelliSite Pathology Solution	IntelliVue Guardian Software (IGS) E.0x*	RIS (formally known as Vue)*
IntelliSpace Critical Care and Anethesia (ICCA) H.02/J.01*	Multi-patient Bridge 1.0.x/2.0.x*	UDM 1.1, 2.1

**Information or patch available in Incenter

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure

End Update A

Joint FBI/CISA/Treasury Advisory “AppleJeus” (2021 February 19)

Publication Date: 2021 February 19

Update Date: 2021 February 19

Philips is currently monitoring developments and updates related to the joint advisory (AA21-048A) published the results of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury). The report highlights the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), and provides mitigation recommendations.

Working with U.S. government partners, FBI, CISA, and Treasury assess that Lazarus Group, which these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actors, is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of cryptocurrency trading applications that have been modified to include malware that facilitates theft of cryptocurrency.

The US Government has identified malware and indicators of compromise (IOCs) used by the North Korean government to facilitate cryptocurrency thefts; the cybersecurity community refers to this activity as “AppleJeus.”

At this time, no Philips products are impacted. If we become aware of an affected product, we will post that information here.

Microsoft Critical Feb Vulnerabilities CVE-2021-24074 CVE-2021-24094 CVE-2021-24086 (2021 February 9)

Publication Date: 2021 February 09

Update Date: 2021 March 23

Philips is currently monitoring developments and updates related to the recent Microsoft alert concerning a set of fixes affecting Windows TCP/IP implementation that includes two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086).

The three TCP/IP security vulnerabilities impact computers running Windows client and server versions starting with Windows 7 and higher. According to Microsoft, of the three vulnerabilities, the CVE-2021-24086 flaw is most likely to be exploited for orchestration of denial-of-service attacks that cause a STOP error with a Blue Screen of Death in Windows OS.

The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are less likely to be exploited in the short term. However, researchers at Microsoft believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, Microsoft recommends customers move quickly to apply Windows security updates as soon as possible. These vulnerabilities result from a flaw in Microsoft’s implementation of TCP/IP and affect all Windows versions.

Microsoft has released patches to help remediate these vulnerabilities. Philips is currently in the process of evaluating these patches. As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Microsoft Operating Systems for potential impacts from these reported vulnerabilities and validating actions. Philips is also monitoring for OS updates related to these vulnerabilities and evaluating further actions or updates to potentially affected Philips products.

Begin Update C: 2021 March 23

Access CT16 Slice (v2.0.0.31538)	DigitalDiagnost C50, C90 and Opta C50 (v1.x.x)	IntelliSpace Portal Server (V9.0-11.0)**
Access CT6 Slice (v2.0.0.31538)	DR Compact (v3.1)	IntelliSpace Portal Workstation (V9.0-11.0)**
Achieva, Achieva 3.0T and Achieva XR (vR5.3, R5.4 and higher)	DuraDiagnost (v3.0.0-4.0.7)	IntelliVue Guardian Software(vE.0x)*
Affiniti 30/50/70	DuraDiagnost Compact (v2.1.0-2.1.3)	IQon Spectral CT (v4.7.2, 4.7.5, 4.7.7)
Big Bore/Big Bore RT (v4.2, 4.8)	DuraDiagnost F30
Brilliance 64 (v4.1.6, 4.1.7, 4.1.10)	Dream Mapper**	Juno DFR 5.7
Brilliance ICT (v4.1.6, 4.1.7)	Easy Diagnost (v5.1.0-5.1.1)	Microdose S0 (Balder) 11.0 and MicroDose SI & SI U (L50 & L50 U) 9.0 P1, P2, P3, P4, P5
Brilliance ICT SP (v4.1.6)	eICU eCare Manager*	MobileDiagnost M50, Opta and wDR (1.2-2.10)
CareEvent,*	Emergency Care Informatics (v2)**	Multi-Patient Bridge (v1.0.0.1)*
Care Orchestrator (v1)	Encore Anywhere (v2.41)**	Multiva and Multiva/Prodiva R5.3 and R5.4 and higher
ClearVue	Epiq 5/7	PIC iX (B.0x, C.0x),*
Clinical Collaboration Platform (VuePACS)	FocalPoint A.0/A.01*	Prograde (v1.0.0-1.2)
CombiDiagnost R90 (v1.0.0-1.0.1.1, 1.0.0.2, 1.01, 1.0.1.1)	Graph Mammo	ProxiDiagnost N90
Corsium	Ingenia (vR5.3, R5.4 and higher)	RIS (formally known as Vue) 11.3
CT5000 Ingenuity (v4.1.10)	Ingenuity (v4.0.0-4.1.7)	Sleep Support Portal & PSPNet**
CT 6000 iCT (v4.1.10)	IntelliSpace Breast (v2.1, 2.2, 3.1, and 3.2)	Sparq
CT MX16 EV02 (v2.0)	Intellispace Consultative Critical Care (ICCC) (vB.02)*	SPhAERA (v3.0 and higher)
CX50/30	Intellispace ECG (IECG) (vB.00),*	Vereos (v2.0x)
Diagnostics Site Server (DSS)**	IntellisPace Perinatal (ISP) (v. J.x, K.x),*
DigitalDiagnost (v3.2.0-4.2)**	Intellispace Critical Care and Anesthesia ICCA (v. H.x, J,x),*

*Software only products with customer owned Operating Systems. For products solutions where the server was provided, it is customer responsibility to validate and deploy patches.

**Information or patch available in Incenter.

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure.

End Update C

Begin Update B: 2021 March 17

Access CT16 Slice (v2.0.0.31538)	DigitalDiagnost C50, C90 and Opta C50 (v1.x.x)	IntellisPace Perinatal (ISP) (v. J.x, K.x)
Access CT6 Slice (v2.0.0.31538)	DR Compact (v3.1)	Intellispace Critical Care and Anesthesia ICCA (v. H.x, J,x)*
Achieva, Achieva 3.0T and Achieva XR (vR5.3, R5.4 and higher)	DuraDiagnost (v3.0.0-4.0.7)	IntelliVue Guardian Software(vE.0x)*
Affiniti 30/50/70	DuraDiagnost Compact (v2.1.0-2.1.3)	IQon Spectral CT (v4.7.2, 4.7.5, 4.7.7)
Big Bore/Big Bore RT (v4.2, 4.8)	DuraDiagnost F30	IU22
Brilliance 64 (v4.1.6, 4.1.7, 4.1.10)	Easy Diagnost (v5.1.0-5.1.1)	Juno DFR 5.7
Brilliance ICT (v4.1.6, 4.1.7)	eICU eCare Manager*	Microdose S0 (Balder) 11.0 and MicroDose SI & SI U (L50 & L50 U) 9.0 P1, P2, P3, P4, P5
Brilliance ICT SP (v4.1.6)	Emergency Care Informatics (v2)**	MobileDiagnost M50, Opta and wDR (1.2-2.10)
Care Orchestrator (v1)	Encore Anywhere (v2.41)	Multi-Patient Bridge (v1.0.0.1)
ClearVue	Epiq 5/7	Multiva and Multiva/Prodiva R5.3 and R5.4 and higher
Clinical Collaboration Platform (VuePACS)	FocalPoint A.0/A.01*	PIC iX (B.0x, C.0x)
CombiDiagnost R90 (v1.0.0-1.0.1.1, 1.0.0.2, 1.01, 1.0.1.1)	Graph Mammo	Prograde (v1.0.0-1.2)
Corsium	IE33	ProxiDiagnost N90
CT5000 Ingenuity (v4.1.10)	IIT Reacts	RIS (formally known as Vue) 11.3
CT 6000 iCT (v4.1.10)	Ingenia (vR5.3, R5.4 and higher)	Sleep Support Portal & PSPNet
CT MX16 EV02 (v2.0)	Ingenuity (v4.0.0-4.1.7)	Sparq
CX50/30	IntelliSpace Breast (v2.1, 2.2, 3.1, and 3.2)	SPhAERA (v3.0 and higher)
Diagnostics Site Server (DSS)**	Intellispace Consultative Criticl Care (ICCC) (vB.02)	ST80i A.02 (v2.05)
DigitalDiagnost (v3.2.0-4.2)	Intellispace ECG (IECG) (vB.00)*	Vereos (v2.0x)

*Software only products with customer owned Operating Systems. For products solutions where the server was provided, it is customer responsibility to validate and deploy patches.

**Information or patch available in Incenter.

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure.

End Update B

Begin Update A: 2021 March 2

Achieva, Achieva 3.0T and Achieva XR (R5.3, R5.4 and higher)	DuraDiagnost F30	Microdose S0 (Balder) 11.0 and MicroDose SI & SI U (L50 & L50 U) 9.0 P1, P2, P3, P4, P5
Affiniti 30/50/70	Easy Diagnost (5.1.0-5.1.1)	MobileDiagnost M50, Opta and wDR (1.2-2.10)
ClearVue	Epiq 5/7	Multiva and Multiva/Prodiva R5.3 and R5.4 and higher
Clinical Collaboration Platform (VuePACS)	Graph Mammo	Prograde (1.0.0-1.2)
CombiDiagnost R90 (v1.0.0-1.0.1.1)	IE33	ProxiDiagnost N90
CX50/30	IIT Reacts	RIS (formally known as Vue) 11.3
DigitalDiagnost (v3.2.0-4.2)	Ingenia (R5.3, R5.4 and higher)	Sparq
DigitalDiagnost C50, C90 and Opta C50 (v1.x.x)	IntelliSpace Breast (2.1, 2.2, 3.1, and 3.2)	SPhAERA (3.0 and higher)
DR Compact (3.1)	IntellisPace Perinatal (ISP) (VJ.x, K.x)
DuraDiagnost (3.0.0-4.0.7)	IU22
DuraDiagnost Compact (2.1.0-2.1.3)	Juno DFR 5.7

*Software only products with customer owned Operating Systems. For products solutions where the server was provided, it is customer responsibility to validate and deploy patches.

**Information or patch available in Incenter.

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure.

End Update A

Philips Interventional Work Stations (2021 January 14)

Publication Date: 2021 January 14

Update Date: 2021 January 14

In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding software versions of Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, and ViewForum running on older Haswell workstations.

Philips has become aware of a potential moderate-severity security vulnerability in affected systems. This potential vulnerability requires access to the hospital network to exploit. Should successful exploitation occur, there is a possibility that an attacker already within the hospital network could potentially shut down or restart the workstation.

In the event that the workstation is remotely shut down, physicians are still able to use diagnostic imaging from the X-ray system. To date, Philips has not received any reports of exploitation of these issues or of incidents from clinical use that we have been able to associate with this issue.

Philips has released a software patch to proactively address this vulnerability in the installed base, and will schedule service activities with impacted customers to implement the correction. As a mitigation for this potential security vulnerability, customers with expertise are advised to change the IPMI password for the workstation interface.

Customers with questions regarding their specific Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, and ViewForum installations should contact their Philips support representative or call 1-800-722-9377 with reference to field change order (FCO) number FCO72200452.

Please see the Philips product security web site for the latest security information for Philips products: https://www.philips.com/productsecurity

Cybersecurity & Infrastructure Security Agency (CISA) Advisory: https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01

ADDENDUM: Affected Product List

This issue affects four Haswell workstations labeled with 12NC identification numbers [4598 009 39471, 4598 009 39481, 4598 009 70861, 4598 009 98531] when running the following versions of interventional software:

Interventional Workspot [Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5]
Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live [Release 1.0]
ViewForum [Release 6.3V1L10]

Philips manufactures, sells and helps you maintain highly complex medical devices and systems. Per policy, only Philips authorized changes are allowed to be made to these systems, either by Philips personnel or under Philips explicit published direction.

Please contact your Philips service representative for specific information about potential vulnerabilities and the availability of patches for your equipment configuration.

Customers with specific questions regarding any security advisory or their Philips products are asked to send an e-mail to productsecurity@philips.com, contact their Philips Service Representative or contact their regional Philips Service Support.

Any media inquiries should be directed to:

Mario Fante, mario.fante@philips.com
or (outside N. America):
Steve Klink, steve.klink@philips.com