Information security specialists report the detection of three vulnerabilities in MRI 1.5T and MRI 3T, two magnetic resonance machines developed by the technology company Philips. According to reports, the flaws could be exploited to compromise vital functions in the affected systems, not to mention that so far there are no known updates.

Below are brief descriptions of the reported vulnerabilities, as well as their respective identification keys and scores assigned by the Common Vulnerability Scoring System (CVSS).

CVE-2021-3083: Inadequate access restrictions allow local threat actors to evade security restrictions in MRI 1.5T and 3T and thus access sensitive information in the system.

The flaw received a CVSS score of 5.7/10 and its exploitation would allow threat actors to gain unauthorized access to restricted features.

CVE-2021-3085: Affected solutions can assign an owner who is outside the intended sphere of control to a resource, which a malicious hacker with local access can leverage to obtain potentially sensitive information.

This is a low-severity vulnerability and received a CVSS score of 5.7/10.

CVE-2021-3084: Excessive data outflow from affected deployments would allow threat actors with local access to gain unauthorized access to sensitive information on the affected system.

The vulnerability received a CVSS score of 5.7/10.

According to the report, the flaws detected reside in the following versions of the affected Philips products:

  • MRI 1.5T v5.0
  • MRI 3T v5.0

Although no active exploitation attempts related to these flaws have been detected so far, it is important to remember that no patches are available. Health facilities where vulnerable machines are used are advised to keep in touch with the supplier in order to find the best safety measures.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post 3 unpatched vulnerabilities in Philips MRI 1.5T and 3T machines allow leaking confidential health data appeared first on Information Security Newspaper | Hacking News.

source

You May Also Like

Vulnerability in Apple devices that made them unusable finally fixed. Update immediately iOS

A security update for iOS contains a patch to address a denial…

Patch these 2 new vulnerabilities in your Node.js applications

Cybersecurity specialists reported the detection of at least two vulnerabilities residing in…

Microsoft Azure cloud exposed customers’ confidential source code since 2017

A few weeks ago Microsoft contacted a small group of Azure customers…

Critical vulnerabilties in Open Design Alliance Drawings SDK affects 1,200 companies like Siemens, Microsoft, Bentley and Epic Games

Cybersecurity specialists reported the finding of multiple vulnerabilities in Drawings SDK, a…