A new advisory contains words no one in InfoSec likes to hear:
"An attacker with low skill would be able to exploit these vulnerabilities."
We've got plenty of those types lurking behind computer screens around the world, don't we?
An update from US-CERT points to dozens of vulnerabilities in Philips medical IoT devices.
Most of the vulnerabilities involve Philips' IntelliSpace Portal (ISP), an advanced visualization and image analysis system used by doctors, clinics, and hospitals.
According to US-CERT, the possible risks here include accessing sensitive medical information, man-in-the middle attacks, remote code execution, and escalation of privilege possibilities.
Philips says: "Evaluation of Operating System security patches is ongoing, and after appropriate testing, the patches and mitigating controls are posted on Philips’ InCenter."
You can see the complete US-CERT advisory here.