Philips is developing a software update to mitigate 35 CVE-numbered vulnerabilities in the Philips IntelliSpace Portal (ISP), a clinical imaging visualization and analysis solution used by healthcare and public health organizations around the world. According to ICS-CERT, some of the vulnerabilities can be exploited remotely by unauthenticated attackers, and exploits for some of them are publicly available, although none are known to specifically target Philips ISP.
Neither ICS-CERT nor Philips mentions how the vulnerabilities were discovered, but it’s likely that at least some of them are found in third-party code included in this and other products not manufactured by Philips. The vulnerabilities fall into several categories: improper input validation; information exposure; permission, privilege and access control; unquoted search path or element; leftover debug code; and cryptographic issues.
Read more about the Philips clinical imaging solution vulnerabilities on Help Net Security. They affect all 8.0.x and 7.0.x versions of the IntelliSpace Portal and may allow attackers to gain unauthorized access to sensitive information stored on the system, modify this information, and obtain transmitted sensitive information, including authentication credentials.