Friday, July 30, 2021

CISA issues alert about Philips Vue PACS vulnerability


PARCA eNews – July 6, 2021 – The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert today regarding significant security vulnerabilities in Philips Vue PACS. The alert pertains to several versions of the platform’s software and lists 15 specific vulnerabilities, including two that are considered critical on the Common Vulnerability Scoring System.
The advisory pointed to the potential for exploitation by unauthorized users that could allow eavesdropping, viewing or modifying data, code execution and installation of unauthorized software.

The alert pertained to Vue PACS versions 12.2 and prior and included Vue MyVue, Vue Speech and Vue Motion versions of the software.

Philips first reported the vulnerabilities to CISA in June and had fixed a number of the problems in May and June 2021. The Dutch company plans to provide fixes for other vulnerabilities by the first quarter of 2022.

In the meantime, CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that a VPN is only as secure as the connected devices.
The full-text advisory is available on the CISA website.

For any questions related to this report, please contact CISA at:

Email: CISAservicedesk@cisa.dhs.gov

Toll Free: 1-888-282-0870
