Flaw in Philips ultrasound machines allows bypass of authentication
|
Photo credit Phillips
|
PARCA eNews – July 15, 2020 – Philips issued a warning about an authentication bypass affecting Philips Ultrasound Systems (CVE-2020-14477) that can potentially be used to allow an attacker to view or modify information. The vulnerability is due to the presence of an alternative path or channel that can be used to bypass authentication controls.
The flaw involves:
- Ultrasound ClearVue Versions 3.2 and prior
- Ultrasound CX Versions 5.0.2 and prior
- Ultrasound EPIQ/Affiniti Versions VM5.0 and prior
- Ultrasound Sparq Version 3.0.2 and prior and
- Ultrasound Xperius all versions
Philips has corrected the flaw for the Ultrasound EPIQ/Affiniti systems in its VM6.0 release.
For more information visit the Cybersecurity & Infrastructure Security Agency (CISA)
Users of these systems should contact their Philips representative for further information on installing the update.
No comments:
Post a Comment