Philips IntelliSpace Cardiovascular System and Xcelera System Vulnerability

Plan PatchCVSS 7.2ICS-CERT ICSMA-17-318-01Nov 14, 2017

Philips

Attack path

Attack VectorNetwork

Auth RequiredHigh

ComplexityLow

User InteractionNone needed

Summary

Philips IntelliSpace Cardiovascular (version 2.3.0 and earlier) and Xcelera (R4.1L1 and prior) contain a credential handling vulnerability (CWE-522) that allows an authenticated administrative user to access sensitive patient data and cardiac imaging information without proper authorization controls. An attacker with admin-level access could view, modify, or delete protected health information and diagnostic records. Philips reports that software hotfix updates are in development for affected versions and will be available through their service support channels, with completion expected by the end of 2017.

What this means

What could happen

An attacker with administrative credentials could view or modify protected health information and cardiac imaging data, or disrupt cardiac monitoring and diagnostic operations by altering system configuration and data integrity.

Who's at risk

This affects cardiology departments and cardiac imaging centers using Philips IntelliSpace Cardiovascular (version 2.3.0 and earlier) or Xcelera (R4.1L1 and prior). Hospital IT and cardiology teams should care because these systems manage sensitive patient cardiac imaging data and diagnostic workflows critical to patient care.

How it could be exploited

An attacker with administrative access to the IntelliSpace Cardiovascular or Xcelera system could exploit improper credential handling to access sensitive patient data, modify cardiac imaging records, or alter system settings without proper authentication checks. Network access to the management interface combined with high-privilege credentials enables this exploitation.

Prerequisites

Administrative user credentials for IntelliSpace Cardiovascular or Xcelera system
Network access to the affected system's management interface
Knowledge of or access to the management/administrative portal

Remotely exploitableRequires administrative credentialsNo patch currently available for all versionsAffects healthcare/patient safety systemsMedium exploit probability

Exploitability

Unlikely to be exploited — EPSS score 1.0%

Affected products (2)

2 with fix

ProductAffected VersionsFix Status

Xcelera: R4.1L1 and prior≤ R4.1L1available via Philips hotfix; check with service support

IntelliSpace Cardiovascular:≤ 2.3.0available via Philips hotfix; check with service support

Remediation & Mitigation

0/5

Do now

0/2

HOTFIXContact local Philips service support to determine availability of hotfixes for your specific product version and obtain updates

HARDENINGRestrict administrative access to IntelliSpace Cardiovascular and Xcelera systems to authorized clinical and IT personnel only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HOTFIXApply Philips software hotfix updates for IntelliSpace Cardiovascular when available from Philips service support

HOTFIXApply Philips software hotfix updates for Xcelera when available from Philips service support

Long-term hardening

0/1

HARDENINGImplement network segmentation to limit access to cardiac imaging and information management systems from clinical workstations only

CVEs (1)

CVE-2017-14111

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/efa65e72-8e34-4c24-85e6-026c0e591295

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.