Philips has a plan to handle a use-of-obsolete-function vulnerability in its Holter 2010, according to a report with NCCIC.
Successful exploitation of this vulnerability under certain conditions can lead to a product feature escalation. Philips self-reported the vulnerability.
All versions of the Holter 2010 Plus, a 12-lead EKG analysis software program, suffer from the issue.
A vulnerability has been identified that may allow system options that were not purchased to be enabled.
CVE-2019-10968 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 1.9.
The product sees use mainly in the healthcare and public health sectors. It is also used worldwide.
No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely. A high skill level is needed to exploit it.
Netherlands-based Philips recommends users implement role-based access controls to control physical access to the system. Further controls are provided by the multiple components required to exploit the vulnerability.
Please see the Philips product security website for the latest security information for Philips products.