Publication Date: 2020 December 9
Update Date: 2021 January 21
Philips is currently monitoring developments and updates related to the recently published U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) advisory (ICSA-20-343-01) concerning 33 reported vulnerabilities found in multiple open-source software TCP/IP stacks, referred to as “Amnesia33”.
According to CISA, successful exploitation of these vulnerabilities could allow attackers to corrupt memory, put devices into infinite loops, access unauthorized data, and/or poison DNS cache.
As part of the Philips product security policy and protocols, Philips’ teams are evaluating the affected TCP/IP third-party products listed in the CISA advisory, and their potential relation to known security issues, to determine if remediation for Philips products may be required. The TCP/IP suppliers of these third-party products have provided mitigations in the CISA advisory.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our solutions. The company is a recognized leader in health technology cybersecurity. As part of the global Philips Product Security Policy, the company conducts extensive, ongoing analysis of our solutions, often in collaboration with customers, researchers, and government agencies.
If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation will be produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.
Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. If customers still have questions, all customers (contract-entitled or otherwise) are encouraged to contact their local service support team or regional product service support as appropriate for up to date information specific to their Philips’ products.
Begin Update A: 2021 January 21
To date, Philips’s review has not identified products affected by the Amnesia33 software vulnerabilities. Our review and analysis is ongoing.
End Update A