Multiple vulnerabilities in the Hospital Information System (HIS) KISIM of CISTEC AG
Swiss Health Sector
NTCF: NTCF-2023-78452
Product: KISIM
Vendor: CISTEC AG
Criticality: high
Status: fixed
Discovered: 2023-12-04
Detail: Public
Vulnerable version: <=5.6.0.3
Fixed version: 5.6.0.4
Description
Multiple vulnerabilities have been identified in the Hospital Information System (HIS) KISIM of CISTEC AG.
According to CISTEC, all relevant vulnerabilities have been fixed or mitigated in KISIM version 5.6.0.4.
In accordance with the NTC Vulnerability Disclosure Policy, the details of these vulnerabilities will not be publicly disclosed.
Affected hospitals can find detailed information on the identified vulnerabilities, along with recommendations, on the NCSC's Cyber Security Hub, which is available free of charge to all Swiss operators of critical infrastructure, including hospitals. Alternatively, CISTEC or the NTC can provide further information to the affected organisations.
The NTC has published a summary report on the security of hospital information systems: Summary Report HIS.
Timeline
2023-12-04: initial discovery
2023-12-15: private disclosure
2024-09-04: fix by vendor
2024-11-26: Cyber Security Hub publication
2025-01-23: public disclosure