Home Latest Cyber Security News | Network Security Hacking Multiple Vulnerabilities Discovered In Philips Tasy EMR Solution
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Multiple Vulnerabilities Discovered In Philips Tasy EMR Solution

by Abeerah Hashim
written by Abeerah Hashim
Vulnerabilities in Philips EMR solution

numerous security vulnerabilities exist in the Philips Tasy EMR healthcare informatics solution. Exploiting these bugs could expose sensitive PHI data to an adversary alongside leading to system crashes.

CISA Warns For Philips Tasy EMR Vulnerabilities

The US Cybersecurity & Infrastructure Security Agency (CISA) has recently issued an alert for all healthcare vendors. This alert mentions two severe vulnerabilities in Philips EMR that the vendor reported to CISA itself.

Specifically, Philips confirmed SQL injection vulnerabilities in its Tasy EMR solution. Tasy EMR is a dedicated healthcare informatics solution currently in use by different healthcare facilities.

These bugs include CVE-2021-39375 – an SQL injection via WAdvancedFilter/getDimensionItemsByCode FilterValue parameter, and CVE-2021-39376 – SQL injection via CorCad_F2/executaConsultaEspecifico IE_CORPO_ASSIST or CD_USUARIO_CONVENIO parameter.

According to the details in CISA’s advisory, exploiting the vulnerabilities could directly expose the sensitive patients’ information to the attackers. Moreover, such malicious exploitation could also lead to denial of service.

Successful exploitation of these vulnerabilities could result in patient’s confidential data being exposed or extracted from Tasy’s database, give unauthorized access, or create a denial-of-service condition.

Both the vulnerabilities have received a CVSS score of 8.8. This third-party advisory also elaborates on the two vulnerabilities alongside the PoC.

The bugs primarily affect Philips Tasy EMR HTML5 3.06.1803 and earlier versions.

Following the discovery of these bugs, Philips patched both the issues with the release of Philips Tasy EMR HTML5 3.06.1804.

Since the patches are out, all healthcare facilities and hospitals must update their devices to receive the bug fixes. Given the severity of the threats and the vulnerability of the healthcare sector, addressing such issues at early stages is crucial to ensure patients’ data security.

Alongside getting the updates, CISA also recommends additional steps to alleviate the risks associated with the potential exploitation of these bugs. These measures include pulling the sensitive systems offline, isolating networks via firewalls, and using VPNs during remote access.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses

1 comment

Fatuara November 22, 2021 - 8:27 am

to good to be very true to be truth s truth

Comments are closed.