← Back to home
ICSMA-19-241-02  ·  Published 2019-08-29  ·  View on CISA ICS-CERT ↗

Philips HDI 4000 Ultrasound

CVSS 3.0 LOW

Risk Summary

Successful exploitation of this vulnerability could lead to exposure of ultrasound images (breaches of confidentiality) and compromised image integrity. The vulnerability does not affect patient safety or systems operations (availability).

CVEs (1)

Remediations

  • Users should implement controls to limit access to the network and consider replacing the system with a newer technology and supported operating system.
  • Please see the Philips product security website for the latest security information for Philips products:
  • https://www.philips.com/productsecurity
  • The support life cycle for the Philips HDI 4000 Ultrasound system ended on December 31, 2013. As such, these devices are no longer sold, updated, or supported by Philips.
  • Where additional information is needed, follow this link to existing cybersecurity in medical device guidance issued by the FDA.
  • High skill level is needed to exploit.

Affected Vendors

Philips

Affected Products (1)

Philips · Philips HDI 4000 Ultrasound Systems * running on old, unsupported operating systems such as Windows 2000

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more