Information security specialists report the detection of three vulnerabilities in MRI 1.5T and MRI 3T, two magnetic resonance machines developed by the technology company Philips. According to reports, the flaws could be exploited to compromise vital functions in the affected systems, not to mention that so far there are no known updates.

Below are brief descriptions of the reported vulnerabilities, as well as their respective identification keys and scores assigned by the Common Vulnerability Scoring System (CVSS).

CVE-2021-3083: Inadequate access restrictions allow local threat actors to evade security restrictions in MRI 1.5T and 3T and thus access sensitive information in the system.

The flaw received a CVSS score of 5.7/10 and its exploitation would allow threat actors to gain unauthorized access to restricted features.

CVE-2021-3085: Affected solutions can assign an owner who is outside the intended sphere of control to a resource, which a malicious hacker with local access can leverage to obtain potentially sensitive information.

This is a low-severity vulnerability and received a CVSS score of 5.7/10.

CVE-2021-3084: Excessive data outflow from affected deployments would allow threat actors with local access to gain unauthorized access to sensitive information on the affected system.

The vulnerability received a CVSS score of 5.7/10.

According to the report, the flaws detected reside in the following versions of the affected Philips products:

  • MRI 1.5T v5.0
  • MRI 3T v5.0

Although no active exploitation attempts related to these flaws have been detected so far, it is important to remember that no patches are available. Health facilities where vulnerable machines are used are advised to keep in touch with the supplier in order to find the best safety measures.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post 3 unpatched vulnerabilities in Philips MRI 1.5T and 3T machines allow leaking confidential health data appeared first on Information Security Newspaper | Hacking News.

source

You May Also Like

RCE, CSRF and other critical vulnerabilities in FortiOS and FortiProxy affect various Fortinet products

Cybersecurity specialists report the detection of three vulnerabilities in Fortinet products, one…

API Vulnerabilities leaked client’s data of BMW, Roll Royce, Mercedes-Benz, Ferrari, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan, Acura, Hyundai, Toyota, and Genesis

Hackers may have been able to perform malicious activity, such as unlocking,…

Critical vulnerability affects every Linux application including interpreters of other languages like PHP, Python and any language linked to glibc

Security issues in the GNU C library (gblic) can be disastrous for…

Critical vulnerabilities in NGINX allows complete takeover of affected systems. Exploit publicly available; patch now

Nginx security teams published a report related to a critical vulnerability in…