Three Vulnerabilities Identified in Philips SureSigns Vital Signs Monitors
Three low- to medium-severity vulnerabilities have been identified in Philips SureSigns VS4 vital signs monitors. If exploited, an attacker could gain access to administrative controls and system configurations and alter settings to send sensitive patient data to a remote destination.
The vulnerabilities were identified by the Cleveland Clinic, which reported the flaws to Philips. Philips is unaware of any public exploits for the vulnerabilities and no reports have been received to date to indicate any of the vulnerabilities have been exploited.
The flaws have been categorized as improper input validation (CWE-20), Improper access control (CWE-284), and improper authentication (CWE-287).
Philips SureSigns VS4 receives...