Publication Date: 2021 September 1

Update Date: 2021 September 1

 

Philips is currently monitoring developments and updates related to the recent Microsoft Windows elevation of privilege vulnerability named HiveNightmare (CVE-2021-36934). With a successful exploitation of this vulnerability an attacker could run arbitrary code with system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

 

Microsoft has released a security patch and a workaround to help remediate this vulnerability. Philips is currently in the process of evaluating this solution. As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Microsoft Operating Systems for potential impacts from this reported vulnerability and validating actions.

 

Philips is providing the list below to better assist our customers in identifying any Philips’ products vulnerable to the “HiveNightmare (CVE-2021-36934)” vulnerability. However, the list below is not comprehensive and may be updated as necessary if more products are identified.

Product
Product
Product
ACSYS Gateway (1.x)*
e-Whiteboard(1.x)*
ORSYS(G4,X1)*
ACSYS/ACSYS-ER (Ke,Kn,Ki)*
Holter Recorder DigiTrak XT (DTXT)(3.0.3)*
SPhAERA(5.x)
CDE(2.x)*
IntelliSpace Perinatal (K.0)*
ST80i A.02(2.05)*
Diagnostic Site Server (DSS)
IntelliSpace Portal Workstation (11.0/12.0)**
Vi-Pros(1.x)*
eTriage(2.x)*
IntelliVue XDS(M.0/N.01)*

*Software only products with customer owned Operating Systems. For products solutions where the server was provided, it is customer responsibility to validate and deploy patches.
**Information or patch available in Incenter

 

Note: 

For customers who utilize the Philips Remote Services Network (RSN, PRS), all Philips RSN systems are protected against this vulnerability and customers are advised not to disconnect the PRS as it may impact Philips service teams from providing any required immediate and proactive support such as remote patching.

Our site can best be viewed with the latest version of Microsoft Edge, Google Chrome or Firefox.