Significant Vulnerabilities Identified in Philips Vue PACS Medical Imaging Systems

Date: July 9, 2021

A series of security vulnerabilities have been revealed in the Philips Clinical Collaboration Platform Portal (commonly known as Vue PACS). Some of these vulnerabilities could potentially be exploited by malicious actors to gain control over affected systems. According to a warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA), “Successful exploitation of these vulnerabilities could allow an unauthorized person or process to eavesdrop, view or modify data, gain system access, perform code execution, install unauthorized software, or compromise system data integrity, thereby threatening the confidentiality, integrity, or availability of the system.”

These 15 vulnerabilities affect the following systems:

  • VUE Picture Archiving and Communication Systems (versions 12.2.x.x and earlier)
  • Vue MyVue (versions 12.2.x.x and earlier)
  • Vue Speech (versions 12.2.x.x and earlier)
  • Vue Motion (versions 12.2.1.5 and earlier)

Notably, four specific issues (CVE-2020-1938, CVE-2018-12326, CVE-2018-11218, CVE-2020-4670, and CVE-2018-8014) have been assigned a Critical rating.

Critical Security Vulnerabilities Identified in Philips Vue PACS Imaging Systems

On July 9, 2021, significant security vulnerabilities were reported in the Philips Clinical Collaboration Platform Portal, commonly referred to as Vue PACS. These vulnerabilities pose a serious risk, as they could potentially allow malicious actors to gain control over affected systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) outlined in an advisory that the successful exploitation of these flaws could lead to unauthorized access, data modification, installation of unapproved software, and potential breaches of confidentiality, integrity, and availability within the system.

The vulnerabilities, encompassing a total of fifteen issues, affect various components of the Vue PACS suite, including VUE Picture Archiving and Communication Systems, Vue MyVue, Vue Speech, and Vue Motion. All versions up to 12.2.x.x are implicated, while Vue Motion versions prior to 12.2.1.5 are also at risk. Among the reported vulnerabilities, several have been assigned CVE identifiers, highlighting their seriousness and the need for immediate attention from system users and administrators.

The consequences of such security flaws are not merely hypothetical. They represent tangible threats that could impact healthcare institutions reliant on these imaging systems for critical operations. An unauthorized party could potentially eavesdrop on sensitive communications, modify crucial data, or disrupt services, ultimately affecting patient care and operational efficiency in healthcare facilities.

In examining the attack vectors, the MITRE ATT&CK framework suggests that initial access could be a primary tactic employed by adversaries. Furthermore, tactics such as privilege escalation and persistence may also be at play, allowing intruders to maintain access and control post-exploitation. These methods provide insight into how a coordinated attack could unfold, risking not only data exposure but also operational continuity in various healthcare settings.

As a consequence of these vulnerabilities, affected entities must respond with urgency. It is critical for businesses operating within the healthcare sector to remain vigilant and proactive about their cybersecurity measures. This includes implementing patches and updates promptly, conducting regular security assessments, and educating staff about potential threats.

In summary, the discovery of these vulnerabilities requires immediate action from businesses utilizing Philips Vue PACS systems. The risk of exploitation underscores the broader implications for patient safety and data confidentiality, emphasizing the essential nature of cybersecurity in today’s healthcare landscape. The need for vigilance and robust defenses has never been more pressing as the threat landscape continues to evolve.

Source link

Related Posts

Urgent: Critical RCE Vulnerability in ForgeRock Access Manager Under Active Exploitation

Cybersecurity agencies in Australia and the U.S. are sounding the alarm about a serious vulnerability in ForgeRock’s OpenAM access management system, which is being actively exploited to execute remote code on compromised systems. The Australian Cyber Security Centre (ACSC) has reported that threat actors are leveraging this flaw to infiltrate multiple hosts, deploying additional malware and tools. However, details regarding the nature and scope of the attacks, as well as the identities of the perpetrating actors, remain undisclosed.

Identified as CVE-2021-35464, this vulnerability is a pre-authentication remote code execution (RCE) flaw linked to unsafe Java deserialization in the Jato framework used by ForgeRock Access Manager. Exploiting this vulnerability allows attackers to execute commands within the context of the current user rather than as a root user.

Critical Windows Update: Address 117 Security Flaws, Including 9 Active Zero-Days

July 14, 2021

Microsoft has released its July Patch Tuesday updates, addressing a total of 117 security vulnerabilities, among which are nine zero-day flaws—four of which are currently being exploited in the wild, potentially allowing attackers to gain control of affected systems. Out of these vulnerabilities, 13 are classified as Critical, 103 as Important, and one as Moderate in severity. Notably, six of these vulnerabilities were publicly known at the time of the update.

The updates affect a wide range of Microsoft products, including Windows, Bing, Dynamics, Exchange Server, Office, the Scripting Engine, Windows DNS, and Visual Studio Code. This month saw a significant increase in the number of vulnerabilities patched, surpassing the totals from May (55) and June (50).

Among the most critical actively exploited vulnerabilities are:

  • CVE-2021-34527 (CVSS Score: 8.8) – Windows Print Spooler Remote Code Execution…

Microsoft Alerts Users to Unpatched Vulnerability in Windows Print Spooler

On July 16, 2021, Microsoft issued new guidance about a vulnerability in the Windows Print Spooler service, stating that it is working on a fix for an upcoming security update. Identified as CVE-2021-34481 (CVSS score: 7.8), this local privilege escalation flaw can be exploited for unauthorized actions on affected systems. The vulnerability was discovered and reported by security researcher Jacob Baines.

According to Microsoft’s advisory, “An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploits this vulnerability could execute arbitrary code with SYSTEM privileges.” This would allow them to install software, access, modify, or delete data, and create new accounts with full user rights. It is important to note that successful exploitation requires the attacker to have specific conditions met.

Important: Update Your Chrome Browser to Fix New Zero-Day Vulnerability

Jul 16, 2021

Google has released a critical security update for the Chrome browser on Windows, Mac, and Linux, addressing several vulnerabilities, including a zero-day being actively exploited. This latest patch resolves eight issues, notably a type confusion vulnerability in the V8 open-source and JavaScript engine (CVE-2021-30563). An anonymous researcher reported this flaw on July 12.

In light of the ongoing threat, Google issued a brief statement confirming that “an exploit for CVE-2021-30563 exists in the wild,” but refrained from providing specific details about the vulnerability to prevent further misuse. This marks the ninth zero-day flaw addressed by Google this year, highlighting the ongoing risks to Chrome users.