CVE-2018-5438

Name of the Vulnerable Software and Affected Versions Philips ISCV versions prior to 2.3.0

Description The issue is related to insufficient session expiration, allowing an attacker to reuse a previously logged-in user's session. This occurs when the ISCV application is used with an Electronic Medical Record (EMR) system in KIOSK mode for multiple users, and Windows authentication is in use. An attacker could potentially gain unauthorized access to patient health information and modify it.

Recommendations For versions prior to 2.3.0, update to version 2.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the ISCV application when used in KIOSK mode with Windows authentication to minimize the risk of exploitation.