Security Advisories

Accellion File Transfer Appliance Advisory AA21-055A (2021 February 24)

Publication Date: 2021 February 24 

Update Date: 2021 March 3

 

Philips is currently monitoring developments and updates related to the recent exploitation of Accellion File Transfer Appliance (FTA) – AA21-055A. The joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States. Worldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors. 

 

According to Accellion, this activity involves attackers leveraging four vulnerabilities to target FTA customers. Accellion FTA is a file transfer application that is used to share files. In mid-December 2020, Accellion was made aware of a zero-day vulnerability in Accellion FTA and released a patch on December 23, 2020. 

 

Begin Update A: 2021 March 3

 

To date, Philips’ review has not identified products or solutions containing the Accellion file transfer vulnerabilities.


End Update A

VMware Advisory CVE-2021-21972, CVE-2021-21973, CVE-2021-21974 (2021 February 23)

Publication Date: 2021 February 23

Update Date: 2021 March 3

 

Philips is currently monitoring developments and updates related to the recent VMware ESXi and vCenter Server critically rated updates (CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974). According to VMware, multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5) were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

 

Philips is currently in the process of evaluating these upgrades. As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Progress Telerik UI for potential impacts from these reported vulnerabilities and validating actions. Philips is also monitoring for updates related to these vulnerabilities and evaluating further actions or updates to potentially affected Philips products.

 

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

 

If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation is produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

 

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference the product-specific information posted. If customers still have questions, all customers (contract-entitled or otherwise) are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips products.

Begin Update A: 2021 March 3

 

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to CVE-2021-21972, CVE-2021-21973 or CVE-2021-21974. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

Clinical Collaboration Platform (registered as VuePACS)*
IntelliSphere Critical Care and Anesthesia (ICCA) J.01/H.02*
Pinnacle 18.x***
IntelliSite Pathology Solution
IntelliSpace PACS 4.4, 4.4.551, 4.4.553***
RIS (formerly known as Vue)*
IntelliSpace Portal Server 10.0*
IntelliVue PIC iX B.02/C.02/C.03*
UDM 1.1, 2.1

*Software only products with customer supplied VMware/vSphere

**Information or patch available in InCenter

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure

 

End Update A

Joint FBI/CISA/Treasury Advisory “AppleJeus” (2021 February 19)

Publication Date: 2021 February 19 

Update Date: 2021 February 19 

 

Philips is currently monitoring developments and updates related to the joint advisory (AA21-048A), which publishes the results of analytic efforts among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury). The report highlights the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), and provides mitigation recommendations.

 

Working with U.S. government partners, FBI, CISA, and Treasury assess that Lazarus Group, which these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actors, is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of cryptocurrency trading applications that have been modified to include malware that facilitates theft of cryptocurrency.

 

The US Government has identified malware and indicators of compromise (IOCs) used by the North Korean government to facilitate cryptocurrency thefts; the cybersecurity community refers to this activity as “AppleJeus.”

 

At this time, no Philips products are impacted. If we become aware of an affected product, we will post that information here.

Microsoft Critical February Vulnerabilities CVE-2021-24074, CVE-2021-24094, CVE-2021-24086 (2021 February 9)

Publication Date: 2021 February 09

Update Date: 2021 March 2

 

Philips is currently monitoring developments and updates related to the recent Microsoft alert concerning a set of fixes for the Windows TCP/IP implementation that include two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086).

 

The three TCP/IP security vulnerabilities impact computers running Windows client and server versions starting with Windows 7 and higher. According to Microsoft, of the three vulnerabilities, the CVE-2021-24086 flaw is most likely to be exploited for orchestration of denial-of-service attacks that cause a STOP error with a Blue Screen of Death in Windows OS.


The two RCE vulnerabilities are complex, which makes it difficult to create functional exploits, so they are less likely to be exploited in the short term. However, researchers at Microsoft believe attackers will be able to create DoS exploits much more quickly and expect that all three issues might be exploited in a DoS attack shortly after release. Thus, Microsoft recommends that customers move quickly to apply the Windows security updates. These vulnerabilities result from a flaw in Microsoft’s implementation of TCP/IP and affect all Windows versions.

 

Microsoft has released patches to help remediate these vulnerabilities. Philips is currently in the process of evaluating these patches. As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Microsoft Operating Systems for potential impacts from these reported vulnerabilities and validating actions. Philips is also monitoring for OS updates related to these vulnerabilities and evaluating further actions or updates to potentially affected Philips products. 

 

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

 

If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation is produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

 

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference the product-specific information posted. If customers still have questions, all customers (contract-entitled or otherwise) are encouraged to contact their local service support team or regional product service support as appropriate for up-to-date information specific to their Philips products.

Begin Update A: 2021 March 2

Achieva, Achieva 3.0T and Achieva XR (R5.3, R5.4 and higher)
DuraDiagnost F30
Microdose S0 (Balder) 11.0 and MicroDose SI & SI U (L50 & L50 U) 9.0 P1, P2, P3, P4, P5
Affiniti 30/50/70
Easy Diagnost (5.1.0-5.1.1)
MobileDiagnost M50, Opta and wDR (1.2-2.10)
ClearVue
Epiq 5/7
Multiva and Multiva/Prodiva R5.3 and R5.4 and higher
Clinical Collaboration Platform (VuePACS)
Graph Mammo
Prograde (1.0.0-1.2)
CombiDiagnost R90 (v1.0.0-1.0.1.1)
IE33
ProxiDiagnost N90
CX50/30
IIT Reacts
RIS (formerly known as Vue) 11.3
DigitalDiagnost (v3.2.0-4.2)
Ingenia (R5.3, R5.4 and higher)
Sparq
DigitalDiagnost C50, C90 and Opta C50 (v1.x.x)
IntelliSpace Breast (2.1, 2.2, 3.1, and 3.2)
SPhAERA (3.0 and higher)
DR Compact (3.1)
IntelliSpace Perinatal (ISP) (VJ.x, K.x)
DuraDiagnost (3.0.0-4.0.7)
IU22
DuraDiagnost Compact (2.1.0-2.1.3)
Juno DFR 5.7
End Update A

Philips Interventional Work Stations (2021 January 14)

Publication Date: 2021 January 14 

Update Date: 2021 January 14

 

Philips is a committed leader in medical device cybersecurity. As part of our global Product Security Policy, the company conducts extensive, ongoing analysis of our products, often in collaboration with customers and researchers, to identify and address potential vulnerabilities.

 

In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding software versions of Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, and ViewForum running on older Haswell workstations.

 

Philips has become aware of a potential moderate-severity security vulnerability in affected systems. This potential vulnerability requires access to the hospital network to exploit. Should successful exploitation occur, there is a possibility that an attacker already within the hospital network could potentially shut down or restart the workstation.

 

In the event that the workstation is remotely shut down, physicians are still able to use diagnostic imaging from the X-ray system. This is a low severity hazard, thus unlikely to lead to patient harm. To date, Philips has not received any reports of exploitation of these issues or of incidents from clinical use that we have been able to associate with this issue.

 

Philips has released a software patch to proactively address this vulnerability in the installed base, and will schedule service activities with impacted customers to implement the correction. As a mitigation for this potential security vulnerability, customers with expertise are advised to change the IPMI password for the workstation interface.

 

Customers with questions regarding their specific Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, and ViewForum installations should contact their Philips support representative or call 1-800-722-9377 with reference to field change order (FCO) number FCO72200452.

 

Please see the Philips product security web site for the latest security information for Philips products: https://www.philips.com/productsecurity

 

ADDENDUM: Affected Product List

 

This issue affects four Haswell workstations labeled with 12NC identification numbers [4598 009 39471, 4598 009 39481, 4598 009 70861, 4598 009 98531] when running the following versions of interventional software:

  • Interventional Workspot [Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5]
  • Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live [Release 1.0]
  • ViewForum [Release 6.3V1L10]

Philips manufactures, sells and helps you maintain highly complex medical devices and systems. Per policy, only Philips authorized changes are allowed to be made to these systems, either by Philips personnel or under Philips explicit published direction.


Please contact your Philips service representative for specific information about potential vulnerabilities and the availability of patches for your equipment configuration.

Customers with specific questions regarding any security advisory or their Philips products are asked to send an e-mail to productsecurity@philips.com, contact their Philips Service Representative or contact their regional Philips Service Support.

 

Any media inquiries should be directed to:

Mario Fante, mario.fante@philips.com
or (outside N. America):
Steve Klink, steve.klink@philips.com