Philips Brilliance Computed Tomography (CT) System (Update A)

Risk Summary

Successful exploitation of these vulnerabilities may allow an attacker to attain elevated privileges and access unauthorized system resources, including access to execute software or to view/update files including patient health information (PHI), directories, or system configuration. This could impact system confidentiality, system integrity, or system availability. Philips has received no reports of exploitation or incidents from clinical associated with these vulnerabilities.

CVEs (3)

Remediations

• Philips has identified the following guidance and controlling risk mitigations:
• Philips has also remediated hard-coded credential vulnerabilities for Brilliance iCT 4.x and above versions. The Philips iCT-iPatient (v4.x) family Instructions for Use (IFU) refers to the ability to manage credentials and is accessible to entitled users from the Philips InCenter.
• As the MX8000 Dual EXP has been out of support since 2017, Philips recommends a replacement based on user need. Please contact a local sales organization.
• Philips will be further assessing options for remediation with future product introductions and/or upgrades across the CT & AMI modalities to address identified security vulnerabilities. Users with questions about their specific Brilliance CT or MX8000 Dual EXP products should contact a Philips service support team.
• The Philips ' advisory is available at the following URL:
• http://www.philips.com/productsecurity (link is external)

Affected Vendors

Affected Products (4)

Affected Sectors

Healthcare and public Health