This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
CISA has released an advisory about several vulnerabilities found in Philips Vue PACS health devices. In the hands of a hacker, the 15 Philips Vue Vulnerabilities found in the Philips Clinical Collaboration Platform Portal might lead to remote code execution attacks.
The danger that these vulnerabilities pose, according to CISA (the United States Cybersecurity and Infrastructure Security Agency), is as follows:
Successful exploitation of these vulnerabilities could allow an unauthorized person or process to hear in on conversations, view or alter data, gain system access, execute code, install unauthorized software, or compromise system data integrity, all of which could compromise the system’s confidentiality, integrity, or availability.
The vulnerabilities demand immediate attention and patching since four of the fifteen have a CVSS rating of 9.8. (Common Vulnerability Scoring System).
The discovered vulnerabilities were characterized as follows in the advisory released for informational purposes, according to the CISA website:
#1 CVE-2020-1938: 9.8 CVSS scored flaw caused by improper validation of the received data.
#2 CVE-2018-12326 and CVE-2018-11218: the software that works through a memory buffer cannot read or write to an outside of the buffer area memory location. It can be found on the Redis component.
15 Philips Vue Vulnerabilities Could Result in Full Takeover of the Devices