Publication Date: January 15, 2020
Update Date: January 31, 2010
 

Philips is currently monitoring developments and updates related to the recent Microsoft alert concerning the reported Windows RD Gateway and Windows Remote Desktop Client vulnerabilities (CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611).

 

As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Microsoft Operating Systems for potential impacts from these reported vulnerabilities and validating actions. Philips is also monitoring for OS updates related to these vulnerabilities and evaluating further actions or updates to potentially affected Philips products.

 

Microsoft has released patches to help remediate these vulnerabilities. Philips is currently in the process of evaluating these patches. According to Microsoft, successful exploitation of this vulnerability could allow an unauthorized user to execute arbitrary code on the target system. An unauthorized user could then install programs; view, change, or delete data; or create new accounts with full user rights.

 

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

 

If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation is produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

 

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. If customers still have questions, all customers (contract-entitled or otherwise)  are encouraged to contact their local service support team or regional product service support as appropriate for up to date information specific to their Philips’ products.
 

Begin Update B: February 4, 2020
 

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

Achieva (R1, R2, R3 to R5, R5, 3.0T, 3.0TX, and XR)
Epiq
Multiva
Affiniti
FlexCardio
Multiva/Prodiva
Allura (Centron, Clarity, Xper)
FocalPoint A.0/A.01
PIC iX*
Azurion
Holter Recorder DigiTrak XT (DTXT)*
PIIC Classic
CareEvent*
Illumeo 2.0
Prograde
ClearVue
Ingenia (upgrade to R5 & Factory R5)
ProxiDiagnost N90
CombiDiagnost R90
Intelibridge Enterprise (IBE)*
Sparq
CompuRecord (F.02, G.00, G.01)*
IntelliSpace Breast
SPhAERA (3.0 to 3.5, 3.6 & greater)
Core M2
IntelliSpace Cardiovascular (ISCV)*
ST80i A.02*
Coronary Tools
IntelliSpace Console Critical Care (ISCCC)
SyncVision
CX50/30
IntelliSpace Discovery 2.0
UDM
Diagnostics Site Server (DSS)
IntelliSpace ECG Management System B.00 (IECG)*
ViewForum
DigitalDiagnost (C50, C90, Opta C50)
IntelliSpace Perinatal (ISP)*
Volcano Core Imaging System
DoseWise Portal*
IntelliSpace Portal (Server & Workstation)
Volcano Core Mobile Imaging System
DR Compact
IntelliVue Guardian Software*
VSS Dashboard*
DuraDiagnost (Compact and F30)
ISP Anywhere
Xcelera 4.1*
EasyDiagnost
ISP VL Caputre 1.1 Visible Light
XIRIS 8.3
EchoNavigator
Juno DRF (5.7)
Xper IM*
eICU Care Manager
MicroDose (S0 (Balder), S1 (L50), S1 U (L50 U))
XtraVision
EP Navigator
MobileDiagnost (M50, Opta, and wDR)

*Software only products with customer owned Operating Systems

**Information or patch available in Incenter

End Update B


Begin Update A: January 21, 2020
 

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to CVE-2020-0609, CVE-2020-0610, and CVE-2020-0611. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

Access CT (6 & 16 Slice)
Achieva (R1, R2, R3 to R5, R5, 3.0T, 3.0TX, and XR)
Brilliance (Big Bore Radiology, CT 64, CT Big Bore, iCT, iCT SP)
CombiDiagnost R90
Corsium
CT MX16 EV02
Diagnostics Site Server (DSS)
DigitalDiagnost (C50, C90, Opta C50)
DR Compact
DuraDiagnost (Compact and F30)
EasyDiagnost
Holter Recorder DigiTrak XT (DTXT)
Ingenia (upgrade to R5 & Factory R5)
Ingenuity (Core, Core 128, Core128/Elite China, CT, CT Brazil, TF PET/CT, TF PET/CT RoHS systems)
IntelliSpace Breast
IntelliSpace Connect Release 1.0
IntelliSpace ECG Management System B.00 (IECG)
IQon Spectral CT
Juno DRF
MicroDose (S0 (Balder), S1 (L50), S1 U (L50 U))
MobileDiagnost (M50, Opta and wDR)
Multiva
Multiva/Prodiva
Prograde
ProxiDiagnost N90
SPhAERA (3.x & 4.x)
ST80i A.02
Vereos

**Information or patch available in Incenter


End Update A