Vulnerability in Philips e-Alert would allow unauthorized actors to turn off MRI monitoring system

Cybersecurity specialists report the detection of a dangerous vulnerability in Philips e-Alert, a monitoring platform for magnetic resonance imaging equipment used in hospitals around the world. According to the report, the successful exploitation of this fault would pose a severe safety risk.

Tracked as CVE-2022-0922, the flaw exists because the affected software does not perform any authentication to access critical functionality in the system, which would allow threat actors to shut down these computers remotely if they are on the network of healthcare facilities.

The vulnerability received a score of 6.5/10 according to the Common Vulnerability Scoring System (CVSS), so it is considered a medium severity error. This error was disclosed through the Cybersecurity and Infrastructure Security Agency (CISA).

In a recent report, Philips announced that this vulnerability will be corrected before June 2022, so for the time being it will be necessary to implement temporary mitigations such as the maintenance of all implemented and compatible Philips products within the specifications authorized by the company.

In addition to Philips’ recommendations, CISA recommends:

  • Reduce network exposure for all devices or control systems
  • Restrict Internet access to these devices
  • Identify remote networks and devices behind firewalls and isolate them from the commercial network
  • Use of virtual private network (VPN) solutions when remotely accessing vulnerable devices

The Agency also recommends that organizations detecting any suspicious malicious activity try to contain the threat and notify the relevant authorities.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.