Philips Tasy EMR (Update A)

Risk Summary

Successful exploitation of these vulnerabilities could impact or compromise patient confidentiality and system integrity. Philips ' analysis has shown these issues, if fully exploited, may allow an attacker of low skill to provide unexpected input into the application, execute arbitrary code, alter the intended control flow of the system, and access sensitive information.

CVEs (2)

Remediations

• Philips advises users to update to the most recently released versions of the product, following the Tasy EMR release schedule. Update Tasy EMR, to version 3.03.1745 or higher and update Tasy WebPortal, to version 3.03.1758 or higher.
• Philips also recommends users follow the instructions in the product configuration manual and follow market standard best practices from the application server manufacturer documentation related to security.
• Users should upgrade Service Packs as soon as possible. Hosted solutions will be patched automatically. Users running the application on premise are always alerted via release notes on changes to the system.
• https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm

Affected Vendors

Affected Products (2)

Affected Sectors

Healthcare and Public Health