ICSMA-18-086-01 · Published 2018-12-13 · View on CISA ICS-CERT ↗
Philips Alice 6 Vulnerabilities (Update B)
CVSS 5.3 (MEDIUM)
Risk Summary
Successful exploitation may allow an attacker to gain visibility to usernames/passwords and personal data. Insufficient encryption and cryptographic integrity checks can lead to altered, corrupted, or disclosed sensitive data. Disclosure of personal data can occur by replacing a trusted node with a malicious node.
CVEs (2)
Remediations
- Philips will notify users of the identified vulnerabilities and will coordinate with users to schedule updates. Philips is scheduled to release a new product version and supporting product documentation for Q1 of 2019. For all users of the Alice 6 System product, Version R8.0.3 or prior, Philips will update the devices to R8.0.4. Philips encourages users to use Philips validated and authorized changes only for the Alice 6 device supported by Philips' authorized personnel, or under Philips' explicit published directions for patches, updates, or releases.
- As an interim mitigation to the vulnerabilities until the update can be applied, Philips recommends that users:
- Users with questions regarding their specific Alice 6 installations should contact their local Philips service support team or their regional Alice 6 service support. Contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions
Affected Vendors
Philips
Affected Products (1)
Philips · Version <= R8.0.3
Affected Sectors
Healthcare and Public Health