Two New Alerts
The most recent alert issued on June 5 pertains to improper
authentication, information exposure, and stack-based buffer overflow vulnerabilities in certain
Philips' Intellivue patient monitors and Avalon fetal and maternal monitors.
ICS-CERT notes that those issues "may allow an attacker to read/write memory, and/or induce a
denial-of-service through a system restart, thus potentially leading to a delay in diagnosis and treatment of patients."
In addition, a May 17 ICS-CERT advisory warns of a vulnerability involving "missing
encryption" for sensitive data contained in the
Medtronic N'Vision Clinician Programmer, a small, portable device that offers a single programming platform for Medtronic Neurological implantable therapy devices.
If exploited, the vulnerability could allow an attacker with physical access to an 8870 N'Vision Compact Flash card to access patient data, ICS-CERT warns.