- Medtronic Criticized for Lax Medical Device Security Response
- Medical Device Security Requires Collaborative Action from Industry
- Patient Safety Concerns Driving Medical Device Security Investment
The Philips e-Alert sensor-based tool measures environmental factors against thresholds, triggering an alert if a key MRI parameter diverges from a predefined value. Alerts are sent by email, text message, and/or as part of a local alarm system.
Exploiting the improper input validation vulnerability, an attacker could craft the input in a form that is not expected by the rest of the application, which could result in altered control flow, arbitrary control of a resource, or arbitrary code execution. A CVSS vulnerability score of 7.1 (high) has been calculated for this vulnerability (CVE-2018-8850).
For the cross-site scripting vulnerability, the software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output, which is used as a web page served to other users. A CVSS score