Philips does not intended to fix cybersecurity vulnerabilities in its PageWriter Cardiograph devices, which could allow attackers to modify settings on the devices, until mid-year 2019, according to an August 16 advisory from ICS-CERT.
The PageWriter TC10, TC20, TC30, TC50, TC70 Cardiograph devices suffer from improper input validation and use of hard-coded credentials, the advisory noted.
With the improper input validation, the PageWriter device does not sanitize data entered by user, which can lead to buffer overflow or format string vulnerabilities, the advisory noted.