Philips DreamMapper Unauthorised Access Vulnerability

Philips has disclosed a vulnerability that could allow an attacker to access log file information associated with the Philips DreamMapper software.

Threat ID:: CC-3590
Category:: Exploit
Threat Severity:: Low
Threat Vector:: Vulnerability
Published:: 6 August 2020 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Philips has disclosed a vulnerability that could allow an attacker to access log file information associated with the Philips DreamMapper software.

Affected platforms

The following platforms are known to be affected:

Versions: Version 2.24.x and earlier

Philips DreamMapper

Threat details

Introduction

Philips has disclosed a vulnerability in DreamMapper, a mobile app used to manage sleep apnoea.

The vulnerability could allow an unauthenticated attacker to access log file information.

At the time of publication there has been no reported exploitation of this vulnerability or related incidents from clinical use.

Remediation advice

Users and administrators should review the information provided on the Philips product security website. Any enquiries relating to a specific DreamMapper installation should be directed to the local Philips service support team or regional service support. Contact information is available here.

Philips is planning to release an update that addresses this vulnerability by 30 June 2021.

Definitive source of threat updates

https://www.philips.com/productsecurity

Last edited: 6 August 2020 3:22 pm