Publication Date: 2021 February 24
Update Date: 2021 March 3, 2021
Philips is currently monitoring developments and updates related to the recent exploitation of Accellion File Transfer Appliance (FTA) – AA21-055A. The joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia, New Zealand, Singapore, the United Kingdom, and the United States. Worldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors.
According to Accellion, this activity involves attackers leveraging four vulnerabilities to target FTA customers. Accellion FTA is a file transfer application that is used to share files. In mid-December 2020, Accellion was made aware of a zero-day vulnerability in Accellion FTA and released a patch on December 23, 2020.
Begin Update A: 2021 March 3
To date, Philips’s review has not identified products or solutions containing the Accellion file transfer vulnerabilities.
End Update A