Please find our Security Advisories here

Security Advisories

Wreck Advisory (2021 April 15).

Publication Date: 2021 April 15

Update Date: 2021 April 15

Philips is currently monitoring developments and updates related to nine DNS vulnerabilities reported by cybersecurity researchers from Forescout and JSOF. The set of nine vulnerabilities, referred to as NAME:WRECK affect Domain Name System (DNS) implementations which affect at least four common TCP/IP stacks – FreeBSD, IPNet, NetX and Nucleus NET.

As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing DNS with affected TCP/IP stacks for potential impacts from these reported vulnerabilities and validating actions.

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

When a product does require security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation will be produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. If customers still have questions, all customers (contract-entitled or otherwise) are encouraged to contact their local service support team or regional product service support as appropriate for up to date information specific to their Philips’ products.

Philips Gemini PET/CT Family systems (2021 March 25)

Publication Date: 2021 March 25

Update Date: 2021 March 25

Philips is a committed leader in medical device cybersecurity. As part of our global Product Security Policy, the company conducts extensive, ongoing analysis of our products, often in collaboration with customers and researchers, to identify and address potential vulnerabilities.

In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding a very low-severity issue related to Philips Gemini PET/CT Family systems (CVSS v3 Score – 2.4 on a scale of 10).

This potential issue is related to storage of information in a file system or device without access control, specific to removable media. Should this issue be exploited, there is a possibility that sensitive information may be accessible by unauthorized parties. This potential vulnerability requires physical access to the removable media to exploit.

To date, Philips has not received any reports of exploitation of these issues or of incidents from clinical use that we have been able to associate with this issue.

Philips is reminding customers that users should operate all Philips deployed and supported Gemini PET/CT systems within Philips authorized specifications, including Philips approved software, software configuration, system services, and security configuration.

Customers with questions regarding their specific Philips Gemini PET/CT installations should contact their Philips support representative, visit the customer service solutions web site at https://www.usa.philips.com/healthcare/solutions/customer-service-solutions, or call 1-800-722-9377.

Publication on Cybersecurity & Infrastructure Security Agency (CISA) website: https://us-cert.cisa.gov/ics/advisories/icsma-21-084-01

F5 K02566623 Advisory (CVE-2021-22986, CVE-2021-22987, CVE-2021-22991, CVE-2021-22992 (2021 March 10)

Publication Date: 2021 March 10

Update Date: 2021 March 12

Philips is currently monitoring developments and updates related to the recent F5 alert concerning four critical CVEs, along with three related CVEs (two highs and one medium).

As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing F5 for potential impacts from these reported vulnerabilities and validating actions. F5 has released a patch to help remediate this vulnerability. Philips is currently in the process of validating the F5 patch and vendor recommended mitigation options. Once the F5 patch has been tested and validated by Philips with the impacted products, the patch will either be installed by Philips or made available for installation by customers, depending on contract details.

Begin Update A: March 12, 2020

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to CVE-2021-22986, CVE-2021-22987, CVE-2021-22991, CVE-2021-22992. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

Clinical Collaboration Platform ***

(formally called Vue PACS)

IS PACS (versions 3.6, 4.1, 4.4, 4.4.551, and 4.4.553***

Universal Data Manager (UDM) (versions 1.1, 2.1, and 3.1) ***

VueBeyond

*Software only products with customer owned Operating Systems

**Information or patch available in Incenter

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure

End Update A

Microsoft Exchange Server Advisory AA21-062A (2021 March 8)

Publication Date: 2021 March 8

Update Date: 2021 March 15

Philips is currently monitoring developments and updates related to the Cybersecurity & Infrastructure Security Agency (CISA) advisory (AA21-062A). CISA partners have observed active exploitation of vulnerabilities in Microsoft Exchange Server products. Successful exploitation of these vulnerabilities allows an unauthenticated attacker to execute arbitrary code on vulnerable Exchange Servers, enabling the attacker to gain persistent system access, as well as access to files and mailboxes on the server and to credentials stored on that system.

Successful exploitation may additionally enable the attacker to compromise trust and identity in a vulnerable network. Microsoft released out-of-band patches to address vulnerabilities in Microsoft Exchange Server. The vulnerabilities impact on-premises Microsoft Exchange Servers and are not known to impact Exchange Online or Microsoft 365 (formerly O365) cloud email services.

At this time, no Philips products are impacted. If we become aware of an affected product, we will post that information here.

Accellion File Transfer Appliance Advisory AA21-055A (2021 February 24)

Publication Date: 2021 February 24

Update Date: 2021 March 3, 2021

Philips is currently monitoring developments and updates related to the recent exploitation of Accellion File Transfer Appliance (FTA) – AA21-055A. The joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States. Worldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors.

According to Accellion, this activity involves attackers leveraging four vulnerabilities to target FTA customers. Accellion FTA is a file transfer application that is used to share files. In mid-December 2020, Accellion was made aware of a zero-day vulnerability in Accellion FTA and released a patch on December 23, 2020.

Begin Update A: 2021 March 3

To date, Philips’s review has not identified products or solutions containing the Accellion file transfer vulnerabilities.

End Update A

VMware Advisory CVE-2021-21972, CVE-2021-2021-21973, CVE-2021-21974 (2021 February 23)

Publication Date: 2021 February 23

Update Date: 2021 March 15

Philips continues to review developments related to recently reported VMware ESXi and vCenter Server critically rated updates (CVE-2021-21972, CVE-2021-21973 and CVE-2021-21974), related to multiple vulnerabilities in VMware ESXi and vSphere Client (HTML5). At this time, VMWare has made software updates available to remediate these vulnerabilities in affected VMware products.

Following evaluation of the reported VMWare vulnerabilities, Philips has identified a limited number of products that contain affected VMWare software. Philips analysis has determined that the majority of these products are not affected by the reported vulnerability.

For products potentially affected by the VMWare vulnerability, Philips has determined that if affected VMWare software is updated the most recent versions containing the security upgrade, the reported vulnerabilities are mitigated. Philips does not provide or maintain VMware for customers using these products and advises customers to assess their VMware environment to determine if a software update/upgrade is necessary.

Affected Philips systems are safe for continued operation consistent with their Instructions for Use. To date, Philips has not received any reports of exploitation of these issues or of incidents from clinical use that we have been able to associate with this issue.

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips-approved product specifications.

Begin Update A: 2021 March 15

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products running on VMware ESXi and vCenter that could be vulnerable to CVE-2021-21972, CVE-2021-21973 or CVE-2021-21974. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

CareEvent C.0x*	IntelliSpace PACS 4.4, 4.4.551, 4.4.553***	Patient Information Center (PIC) iX B.0x/C.0x*
Clinical Collaboration Platform (registered as VuePACS)*	IntelliSpace Portal Server and IntelliSpace Portal Enterprise*	PerformanceBridge Focal Point A.0x*
eCareManger 4.2.x/4.3.x/4.4.x/4.5.x*	IntelliSpace Portal Enterprise (Concerto) solution with hardware and VM/vSphere infrastructure supplied by Philips*,**	Pinnacle 18.x***
IntelliSite Pathology Solution	IntelliVue Guardian Software (IGS) E.0x*	RIS (formally known as Vue)*
IntelliSpace Critical Care and Anethesia (ICCA) H.02/J.01*	Multi-patient Bridge 1.0.x/2.0.x*	UDM 1.1, 2.1

*Software only product, customers may have installed these products on VMware. For these products, Philips does not validate VMware security patches. It is the customer responsibility to validate and deploy VMware patches.

**Information or patch available in Incenter

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure

****In case of valid service level agreement, Philips is in the process of validating and deploying the patch on the Philips provided infrastructure. In case there is no valid service level agreement, please contact your local Philips IntelliSpace Portal representative.

End Update A

Joint FBI/CISA/Treasury Advisory “AppleJeus” (2021 February 19)

Publication Date: 2021 February 19

Update Date: 2021 February 19

Philips is currently monitoring developments and updates related to the joint advisory (AA21-048A) published the results of analytic efforts between the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Treasury (Treasury). The report highlights the cyber threat to cryptocurrency posed by North Korea, formally known as the Democratic People’s Republic of Korea (DPRK), and provides mitigation recommendations.

Working with U.S. government partners, FBI, CISA, and Treasury assess that Lazarus Group, which these agencies attribute to North Korean state-sponsored advanced persistent threat (APT) actors, is targeting individuals and companies, including cryptocurrency exchanges and financial service companies, through the dissemination of cryptocurrency trading applications that have been modified to include malware that facilitates theft of cryptocurrency.

The US Government has identified malware and indicators of compromise (IOCs) used by the North Korean government to facilitate cryptocurrency thefts; the cybersecurity community refers to this activity as “AppleJeus.”

At this time, no Philips products are impacted. If we become aware of an affected product, we will post that information here.

Microsoft Critical Feb Vulnerabilities CVE-2021-24074 CVE-2021-24094 CVE-2021-24086 (2021 February 9)

Publication Date: 2021 February 09

Update Date: 2021 March 23

Philips is currently monitoring developments and updates related to the recent Microsoft alert concerning a set of fixes affecting Windows TCP/IP implementation that includes two Critical Remote Code Execution (RCE) vulnerabilities (CVE-2021-24074, CVE-2021-24094) and an Important Denial of Service (DoS) vulnerability (CVE-2021-24086).

The three TCP/IP security vulnerabilities impact computers running Windows client and server versions starting with Windows 7 and higher. According to Microsoft, of the three vulnerabilities, the CVE-2021-24086 flaw is most likely to be exploited for orchestration of denial-of-service attacks that cause a STOP error with a Blue Screen of Death in Windows OS.

The two RCE vulnerabilities are complex which make it difficult to create functional exploits, so they are less likely to be exploited in the short term. However, researchers at Microsoft believe attackers will be able to create DoS exploits much more quickly and expect all three issues might be exploited with a DoS attack shortly after release. Thus, Microsoft recommends customers move quickly to apply Windows security updates as soon as possible. These vulnerabilities result from a flaw in Microsoft’s implementation of TCP/IP and affect all Windows versions.

Microsoft has released patches to help remediate these vulnerabilities. Philips is currently in the process of evaluating these patches. As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Microsoft Operating Systems for potential impacts from these reported vulnerabilities and validating actions. Philips is also monitoring for OS updates related to these vulnerabilities and evaluating further actions or updates to potentially affected Philips products.

If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation is produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

Begin Update C: 2021 March 23

Access CT16 Slice (v2.0.0.31538)	DigitalDiagnost C50, C90 and Opta C50 (v1.x.x)	IntelliSpace Portal Server (V9.0-11.0)**
Access CT6 Slice (v2.0.0.31538)	DR Compact (v3.1)	IntelliSpace Portal Workstation (V9.0-11.0)**
Achieva, Achieva 3.0T and Achieva XR (vR5.3, R5.4 and higher)	DuraDiagnost (v3.0.0-4.0.7)	IntelliVue Guardian Software(vE.0x)*
Affiniti 30/50/70	DuraDiagnost Compact (v2.1.0-2.1.3)	IQon Spectral CT (v4.7.2, 4.7.5, 4.7.7)
Big Bore/Big Bore RT (v4.2, 4.8)	DuraDiagnost F30
Brilliance 64 (v4.1.6, 4.1.7, 4.1.10)	Dream Mapper**	Juno DFR 5.7
Brilliance ICT (v4.1.6, 4.1.7)	Easy Diagnost (v5.1.0-5.1.1)	Microdose S0 (Balder) 11.0 and MicroDose SI & SI U (L50 & L50 U) 9.0 P1, P2, P3, P4, P5
Brilliance ICT SP (v4.1.6)	eICU eCare Manager*	MobileDiagnost M50, Opta and wDR (1.2-2.10)
CareEvent,*	Emergency Care Informatics (v2)**	Multi-Patient Bridge (v1.0.0.1)*
Care Orchestrator (v1)	Encore Anywhere (v2.41)**	Multiva and Multiva/Prodiva R5.3 and R5.4 and higher
ClearVue	Epiq 5/7	PIC iX (B.0x, C.0x),*
Clinical Collaboration Platform (VuePACS)	FocalPoint A.0/A.01*	Prograde (v1.0.0-1.2)
CombiDiagnost R90 (v1.0.0-1.0.1.1, 1.0.0.2, 1.01, 1.0.1.1)	Graph Mammo	ProxiDiagnost N90
Corsium	Ingenia (vR5.3, R5.4 and higher)	RIS (formally known as Vue) 11.3
CT5000 Ingenuity (v4.1.10)	Ingenuity (v4.0.0-4.1.7)	Sleep Support Portal & PSPNet**
CT 6000 iCT (v4.1.10)	IntelliSpace Breast (v2.1, 2.2, 3.1, and 3.2)	Sparq
CT MX16 EV02 (v2.0)	Intellispace Consultative Critical Care (ICCC) (vB.02)*	SPhAERA (v3.0 and higher)
CX50/30	Intellispace ECG (IECG) (vB.00),*	Vereos (v2.0x)
Diagnostics Site Server (DSS)**	IntellisPace Perinatal (ISP) (v. J.x, K.x),*
DigitalDiagnost (v3.2.0-4.2)**	Intellispace Critical Care and Anesthesia ICCA (v. H.x, J,x),*

*Software only products with customer owned Operating Systems. For products solutions where the server was provided, it is customer responsibility to validate and deploy patches.

**Information or patch available in Incenter.

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure.

End Update C

Begin Update B: 2021 March 17

Access CT16 Slice (v2.0.0.31538)	DigitalDiagnost C50, C90 and Opta C50 (v1.x.x)	IntellisPace Perinatal (ISP) (v. J.x, K.x)
Access CT6 Slice (v2.0.0.31538)	DR Compact (v3.1)	Intellispace Critical Care and Anesthesia ICCA (v. H.x, J,x)*
Achieva, Achieva 3.0T and Achieva XR (vR5.3, R5.4 and higher)	DuraDiagnost (v3.0.0-4.0.7)	IntelliVue Guardian Software(vE.0x)*
Affiniti 30/50/70	DuraDiagnost Compact (v2.1.0-2.1.3)	IQon Spectral CT (v4.7.2, 4.7.5, 4.7.7)
Big Bore/Big Bore RT (v4.2, 4.8)	DuraDiagnost F30	IU22
Brilliance 64 (v4.1.6, 4.1.7, 4.1.10)	Easy Diagnost (v5.1.0-5.1.1)	Juno DFR 5.7
Brilliance ICT (v4.1.6, 4.1.7)	eICU eCare Manager*	Microdose S0 (Balder) 11.0 and MicroDose SI & SI U (L50 & L50 U) 9.0 P1, P2, P3, P4, P5
Brilliance ICT SP (v4.1.6)	Emergency Care Informatics (v2)**	MobileDiagnost M50, Opta and wDR (1.2-2.10)
Care Orchestrator (v1)	Encore Anywhere (v2.41)	Multi-Patient Bridge (v1.0.0.1)
ClearVue	Epiq 5/7	Multiva and Multiva/Prodiva R5.3 and R5.4 and higher
Clinical Collaboration Platform (VuePACS)	FocalPoint A.0/A.01*	PIC iX (B.0x, C.0x)
CombiDiagnost R90 (v1.0.0-1.0.1.1, 1.0.0.2, 1.01, 1.0.1.1)	Graph Mammo	Prograde (v1.0.0-1.2)
Corsium	IE33	ProxiDiagnost N90
CT5000 Ingenuity (v4.1.10)	IIT Reacts	RIS (formally known as Vue) 11.3
CT 6000 iCT (v4.1.10)	Ingenia (vR5.3, R5.4 and higher)	Sleep Support Portal & PSPNet
CT MX16 EV02 (v2.0)	Ingenuity (v4.0.0-4.1.7)	Sparq
CX50/30	IntelliSpace Breast (v2.1, 2.2, 3.1, and 3.2)	SPhAERA (v3.0 and higher)
Diagnostics Site Server (DSS)**	Intellispace Consultative Criticl Care (ICCC) (vB.02)	ST80i A.02 (v2.05)
DigitalDiagnost (v3.2.0-4.2)	Intellispace ECG (IECG) (vB.00)*	Vereos (v2.0x)

*Software only products with customer owned Operating Systems. For products solutions where the server was provided, it is customer responsibility to validate and deploy patches.

**Information or patch available in Incenter.

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure.

End Update B

Begin Update A: 2021 March 2

Achieva, Achieva 3.0T and Achieva XR (R5.3, R5.4 and higher)	DuraDiagnost F30	Microdose S0 (Balder) 11.0 and MicroDose SI & SI U (L50 & L50 U) 9.0 P1, P2, P3, P4, P5
Affiniti 30/50/70	Easy Diagnost (5.1.0-5.1.1)	MobileDiagnost M50, Opta and wDR (1.2-2.10)
ClearVue	Epiq 5/7	Multiva and Multiva/Prodiva R5.3 and R5.4 and higher
Clinical Collaboration Platform (VuePACS)	Graph Mammo	Prograde (1.0.0-1.2)
CombiDiagnost R90 (v1.0.0-1.0.1.1)	IE33	ProxiDiagnost N90
CX50/30	IIT Reacts	RIS (formally known as Vue) 11.3
DigitalDiagnost (v3.2.0-4.2)	Ingenia (R5.3, R5.4 and higher)	Sparq
DigitalDiagnost C50, C90 and Opta C50 (v1.x.x)	IntelliSpace Breast (2.1, 2.2, 3.1, and 3.2)	SPhAERA (3.0 and higher)
DR Compact (3.1)	IntellisPace Perinatal (ISP) (VJ.x, K.x)
DuraDiagnost (3.0.0-4.0.7)	IU22
DuraDiagnost Compact (2.1.0-2.1.3)	Juno DFR 5.7

*Software only products with customer owned Operating Systems. For products solutions where the server was provided, it is customer responsibility to validate and deploy patches.

**Information or patch available in Incenter.

***Philips hosting business is in the process of validating and deploying the patch to the managed infrastructure.

End Update A

Philips Interventional Work Stations (2021 January 14)

Publication Date: 2021 January 14

Update Date: 2021 January 14

In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible security vulnerabilities, the company is proactively issuing an advisory regarding software versions of Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, and ViewForum running on older Haswell workstations.

Philips has become aware of a potential moderate-severity security vulnerability in affected systems. This potential vulnerability requires access to the hospital network to exploit. Should successful exploitation occur, there is a possibility that an attacker already within the hospital network could potentially shut down or restart the workstation.

In the event that the workstation is remotely shut down, physicians are still able to use diagnostic imaging from the X-ray system. To date, Philips has not received any reports of exploitation of these issues or of incidents from clinical use that we have been able to associate with this issue.

Philips has released a software patch to proactively address this vulnerability in the installed base, and will schedule service activities with impacted customers to implement the correction. As a mitigation for this potential security vulnerability, customers with expertise are advised to change the IPMI password for the workstation interface.

Customers with questions regarding their specific Philips Interventional WorkSpot, Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live, and ViewForum installations should contact their Philips support representative or call 1-800-722-9377 with reference to field change order (FCO) number FCO72200452.

Please see the Philips product security web site for the latest security information for Philips products: https://www.philips.com/productsecurity

Cybersecurity & Infrastructure Security Agency (CISA) Advisory: https://us-cert.cisa.gov/ics/advisories/icsma-21-019-01

ADDENDUM: Affected Product List

This issue affects four Haswell workstations labeled with 12NC identification numbers [4598 009 39471, 4598 009 39481, 4598 009 70861, 4598 009 98531] when running the following versions of interventional software:

Interventional Workspot [Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5]
Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live [Release 1.0]
ViewForum [Release 6.3V1L10]

Philips manufactures, sells and helps you maintain highly complex medical devices and systems. Per policy, only Philips authorized changes are allowed to be made to these systems, either by Philips personnel or under Philips explicit published direction.

Please contact your Philips service representative for specific information about potential vulnerabilities and the availability of patches for your equipment configuration.

Customers with specific questions regarding any security advisory or their Philips products are asked to send an e-mail to productsecurity@philips.com, contact their Philips Service Representative or contact their regional Philips Service Support.

Any media inquiries should be directed to:

Mario Fante, mario.fante@philips.com
or (outside N. America):
Steve Klink, steve.klink@philips.com