ICSMA-17-255-01_Philips' IntelliView MX40 Patient Worn Monitor (WLAN) Vulnerabilities

Monitor6.5ICS-CERT ICSMA-17-255-01Sep 12, 2017

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Philips IntelliVue MX40 Patient Worn Monitor (WLAN) contains vulnerabilities that could allow an attacker with network access to cause denial of service by disrupting wireless communications. The vulnerabilities affect the device's ability to maintain WLAN connectivity and process wireless data, potentially interrupting real-time patient monitoring transmission to the central station.

What this means

What could happen

An attacker on the same wireless network could disrupt the MX40 monitor's WLAN connection, preventing patient vital signs and alarm data from reaching the central monitoring station and potentially interrupting critical patient care visibility.

Who's at risk

Healthcare facilities using Philips IntelliVue MX40 Patient Worn Monitors with WLAN capability for wireless patient monitoring in hospital wards, ICUs, emergency departments, and telemetry areas should assess risk. This affects any wireless patient monitoring deployment where the MX40 is used for continuous vital signs transmission.

How it could be exploited

An attacker with access to the same wireless network as the MX40 monitor can send specially crafted wireless packets to trigger unhandled exceptions or cause the WLAN stack to fail, forcing the device to lose connectivity and stop transmitting patient data to the monitoring center.

Prerequisites

Attacker must be on the same wireless network (or within radio range) as the MX40 monitor
No valid credentials required
Device running firmware version prior to B.06.18

remotely exploitableno authentication requiredlow complexityaffects safety systems (patient monitoring)no patch available

Exploitability

Low exploit probability (EPSS 0.4%)

Affected products (1)

ProductAffected VersionsFix Status

IntelliVue MX40 Patient Worn Monitor (WLAN only): all< B.06.18No fix yet

Remediation & Mitigation

0/5

Do now

0/2

HARDENINGIsolate MX40 monitors on a dedicated wireless network segment with strict access controls and encryption (WPA2/WPA3)

WORKAROUNDDeploy wired backup monitoring for critical patients to ensure continuous vital signs visibility if wireless is disrupted

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HARDENINGImplement wireless intrusion detection to monitor for suspicious activity targeting MX40 devices

HARDENINGRestrict wireless network access to authorized devices using MAC filtering and strong authentication

WORKAROUNDMonitor MX40 device connectivity logs and set up alerts for unexpected disconnections

CVEs (2)

CVE-2017-9657 CVE-2017-9658

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/11176d20-a93e-480e-b7cd-205bf1b719da