OTPulse
FeedAboutContact

ZOLL ePCR IOS Mobile Application

Monitor5.5ICS-CERT ICSMA-26-041-01Feb 10, 2026
Attack VectorLocal
Auth RequiredNone
ComplexityLow
User InteractionRequired
Summary

The ZOLL ePCR IOS Mobile Application version 2.6.7 contains a vulnerability that allows unauthorized access to protected health information (PHI) and device telemetry on affected iOS devices. The application has been decommissioned as of May 2025 with no replacement planned by the vendor. ZOLL has stated it will not provide updates or patches for this product and users should contact ZOLL Support directly for guidance.

What this means
What could happen
An attacker with physical access to an iOS device running the ePCR application could extract sensitive patient health information (PHI) or device telemetry without authentication. This could compromise patient privacy and potentially disrupt emergency response workflows if the compromised data affects operational decisions.
Who's at risk
Emergency Medical Services (EMS) agencies and first responders who deployed the ZOLL ePCR IOS Mobile Application on iPad or iPhone devices used by paramedics and emergency personnel for patient care reporting and data collection in the field.
How it could be exploited
An attacker with physical access to an unlocked or poorly secured iOS device running the vulnerable ePCR application can directly access stored sensitive data (PHI and device telemetry) without requiring valid credentials. The vulnerability stems from inadequate data protection mechanisms on the mobile device.
Prerequisites
  • Physical access to an iOS device running ePCR IOS Mobile Application version 2.6.7
  • The application must be installed on the device
  • The device must be in an accessible state (not requiring full authentication to the device itself)
No authentication requiredNo patch availableSensitive health data exposureAffects emergency response operations
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (1)
ProductAffected VersionsFix Status
ePCR IOS Mobile Application: 2.6.72.6.7No fix (EOL)
Remediation & Mitigation
0/3
Do now
0/2
HOTFIXCease use of ZOLL ePCR IOS Mobile Application version 2.6.7 immediately and migrate to an alternative emergency medical services (EMS) or patient care reporting solution
HARDENINGFor any remaining deployed instances, ensure iOS devices are protected with device-level security controls (passcode locks, MDM enrollment) to prevent unauthorized physical access
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGAudit all iOS devices previously running ePCR to ensure they have been deprovisioned or migrated to a supported alternative application
View full CISA ICS-CERT advisory
↑↓ Navigate · Esc Close
API: /api/v1/advisories/70dbd834-e2eb-410e-a48a-9e9ce1c3710a
ZOLL ePCR IOS Mobile Application | CVSS 5.5 - OTPulse