Philips Tasy Electronic Medical Record (EMR) HTML5 SQL Injection Vulnerabilities
Summary
Philips has released a security advisory to address SQL injection vulnerabilities in Philips Tasy Electronic Medical Record (EMR) HTML5. An attacker could exploit these vulnerabilities to access a patient’s confidential data or create a denial-of-service condition.
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
Philips has released a security advisory to fix two vulnerabilities, tracked as CVE-2021-39375 and CVE-2021-39376, in the Philips Tasy Electronic Medical Record (EMR) HTML5 system that could allow SQL injection under certain conditions.
If an attacker carries out a successful SQL injection attack, they could expose and extract confidential patient data from the Tasy database. This could result in an attacker gaining unauthorised access to Tasy EMR systems and ultimately lead to a denial-of-service (DoS) condition on the database. At the time of writing, Philips is not aware of the vulnerabilities being exploited in the wild.
Remediation advice
Affected organisations should review the Philips Tasy EMR HTML5 (2021 November 4) Security Advisory and update to Philips Tasy EMR HTML5 version 3.06.1804 or later, which is not subject to the reported vulnerabilities.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 5 November 2021 3:04 pm