Publication Date: 2021 May 7
Update Date: 2021 September 14
Philips is currently monitoring developments and updates related to the Cybersecurity & Infrastructure Security Agency (CISA) advisory (ICSA-21-119-04). We are aware of a public report, known as “BadAlloc,” that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries.
Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution. This critical vulnerability (CVSS v3 9.8) affects multiple RTOS vendors, most of whom already have a mitigation available.
Begin Update C: 2021 September 14
The products previously listed as vulnerable have been removed. After further investigation and testing, it was deemed that, due to the network configurations and network protocols used with the products, there is no impact from the “BadAlloc” vulnerability.
Begin Update B: 2021 August 24
Philips is providing the list below to better assist our customers in identifying any Philips products vulnerable to the “BadAlloc” vulnerability. However, the list below is not comprehensive and may be updated as necessary if more products are identified.