Multiple vulnerabilities in the Hospital Information System (HIS) inesKIS of ines GmbH
Swiss Health Sector
NTCF:
NTCF-2024-87453
Product:
inesKIS
Vendor:
ines GmbH
Criticality:
high
Status:
fixed
Discovered:
2024-04-26
Detail:
Public
Description
Multiple vulnerabilities have been identified in the Hospital Information System (HIS) inesKIS version 7.4.1.5 of ines GmbH.
According to ines, they have been working on fixing the vulnerabilities since inesKIS version 7.0. The manufacturer also recommends mitigating measures.
In accordance with NTC Vulnerability Disclosure Policy, the details of these vulnerabilities will not be publicly disclosed.
Affected hospitals can find detailed information on the identified vulnerabilities and recommendations on the NCSC's Cyber Security Hub, which is available free of charge to all Swiss operators of critical infrastructure, which includes hospitals: Cyber Security Hub. Alternatively, ines or the NTC can provide further information to the affected organisations.
The NTC has published a summary report on the security of hospital information systems: Summary Report HIS.
Timeline
2024-04-26: initial discovery
2024-05-06: private disclosure
2024-09-23: Cyber Security Hub publication
2025-01-23: public disclosure