Edwards Lifesciences recognizes that as software continues to become more integrated in products, cybersecurity is a critical element in reducing risk across the total product lifecycle. Cybersecurity threats are evolving and not only do they have the potential to impact the confidentiality, integrity and availability of a product, but also the clinical effectiveness. As such, we continuously monitor new threats and evaluate them against our product lines to ensure the safety, security and trustworthiness of our products. In support of these efforts, Edwards maintains a dedicated product security team to help evaluate and implement security controls and manage risks across our product lines.
As appropriate, we will be posting cybersecurity bulletins related to vulnerabilities and their impact to Edwards products. For any additional questions or comments related to product security at Edwards, please contact your service representative and/or the product security team directly at email@example.com.
“Urgent/11” Cybersecurity Bulletin
Multiple security vulnerabilities in the IPnet TCP/IP Stack, implemented across various operating systems were recently disclosed publicly by security researchers at Armis. These vulnerabilities, referred to as “Urgent/11”, can be utilized for remote code execution and allow an attacker to potentially compromise an entire system without user interaction. A Common Vulnerability Scoring System (CVSS) v3 score of 9.8 out of 10 has been assigned to Urgent/11.
At this time, Edwards' devices on market are not impacted by the Urgent/11 vulnerabilities. Edwards will continue to monitor the situation and provide customers with updates, as appropriate. Additional details on the vulnerability can be found on the US Department of Homeland Security Cyber Infrastructure website – https://us-cert.gov/ics/advisories/icsa-19-211-01.
For additional clarification and concerns, please contact a service representative and/or product security team directly at firstname.lastname@example.org.