Publication Date: 2021 May 7

Update Date: 2021 September 14

Philips is currently monitoring developments and updates related to the Cybersecurity & Infrastructure Security Agency (CISA) advisory (ICSA-21-119-04). We are aware of a public report, known as “BadAlloc”, that details vulnerabilities found in multiple real-time operating systems (RTOS) and supporting libraries.

Successful exploitation of these vulnerabilities could result in unexpected behavior such as a crash or a remote code injection/execution. This critical vulnerability (CVSS v3 9.8) affects multiple RTOS vendors, most of whom already have a mitigation available.

Begin Update C: 2021 September 14

The products previously listed as vulnerable have been removed. After further investigation and testing, it was deemed that, due to the network configurations and network protocols used with the products, there is no impact from the “BadAlloc” vulnerability.

Begin Update B: 2021 August 24 

Philips is providing the list below to better assist our customers in identifying any Philips products vulnerable to the “BadAlloc” vulnerability. However, the list below is not comprehensive and may be updated as necessary if more products are identified.

BV Endura (2.3)
BV Pulsera (2.3)
Veradius Neo (1.2)
Veradius Unity (2.1)

*Software-only products with customer-owned operating systems. For product solutions where the server was provided, it is the customer's responsibility to validate and deploy patches.

**Information or patch available in Incenter

Note: 

For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against this vulnerability. Customers are advised not to disconnect the PRS, as doing so may affect the ability of Philips service teams to provide any required immediate and proactive support, such as remote patching.

End Update B


Begin Update A: 2021 August 17 

To date, Philips' review has not identified products affected by the “BadAlloc” vulnerabilities. Our review and analysis are ongoing.

Note: 
For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against this vulnerability. Customers are advised not to disconnect the PRS, as doing so may affect the ability of Philips service teams to provide any required immediate and proactive support, such as remote patching.


End Update A
