Publication Date: 2021 July 13
Update Date: 2021 July 13
Philips is currently monitoring developments related to recent reports of a security vulnerability affecting the SolarWinds Serv-U Managed File Transfer and Serv-U Secure FTP. According to SolarWinds, the vulnerability exists in the latest Serv-U version 15.2.3 HF1 released May 5, 2021, and all prior versions. A threat actor who successfully exploits this vulnerability could run arbitrary code with privileges. An attacker could then install programs; view, change, or delete data; or run programs on the affected system.
Our global security teams are analyzing updates from SolarWinds, in the event that this issue may potentially be related to known security vulnerabilities. CVE-2021-35211 was assigned to Serv-U Remote Memory Escape Vulnerability.
Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our solutions. The company is a recognized leader in health technology cybersecurity. As part of the global Philips Product Security Policy, the company conducts extensive, ongoing analysis of our solutions, often in collaboration with customers, researchers, and government agencies.
To date, Philips’s review has not identified products affected by the Solarwinds software vulnerabilities. Philips does not utilize Solarwinds in an external facing capacity when servicing or monitoring medical devices through Philips Remote Service Network (RSN/PRS). Our review and analysis is ongoing.