Philips IntelliSpace Cardiovascular System and Xcelera System Vulnerability
Recommended action: Plan Patch
CVSS v3 base score: 7.2
Source: ICS-CERT ICSMA-17-318-01
Published: Nov 14, 2017
Attack Vector: Network
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Philips IntelliSpace Cardiovascular (version 2.3.0 and earlier) and Xcelera (R4.1L1 and prior) contain a credential handling vulnerability (CWE-522) that allows an authenticated administrative user to access sensitive patient data and cardiac imaging information without proper authorization controls. An attacker with admin-level access could view, modify, or delete protected health information and diagnostic records. Philips reports that software hotfix updates are in development for affected versions and will be available through their service support channels, with completion expected by the end of 2017.
What this means
What could happen
An attacker with administrative credentials could view or modify protected health information and cardiac imaging data, or disrupt cardiac monitoring and diagnostic operations by altering system configuration and data integrity.
Who's at risk
This affects cardiology departments and cardiac imaging centers using Philips IntelliSpace Cardiovascular (version 2.3.0 and earlier) or Xcelera (R4.1L1 and prior). Hospital IT and cardiology teams should care because these systems manage sensitive patient cardiac imaging data and diagnostic workflows critical to patient care.
How it could be exploited
An attacker with administrative access to the IntelliSpace Cardiovascular or Xcelera system could exploit improper credential handling to access sensitive patient data, modify cardiac imaging records, or alter system settings without proper authentication checks. Network access to the management interface combined with high-privilege credentials enables this exploitation.
Prerequisites
- Administrative user credentials for IntelliSpace Cardiovascular or Xcelera system
- Network access to the affected system's management interface
- Knowledge of or access to the management/administrative portal
- Remotely exploitable
- Requires administrative credentials
- No patch currently available for all versions
- Affects healthcare/patient safety systems
- Medium exploit probability
Exploitability
Low exploit probability (EPSS 1.0%)
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Xcelera: R4.1L1 and prior | ≤ R4.1L1 | Available via Philips hotfix; check with service support
IntelliSpace Cardiovascular | ≤ 2.3.0 | Available via Philips hotfix; check with service support
Remediation & Mitigation
Do now
HOTFIX: Contact local Philips service support to determine availability of hotfixes for your specific product version and obtain updates
HARDENING: Restrict administrative access to IntelliSpace Cardiovascular and Xcelera systems to authorized clinical and IT personnel only
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Apply Philips software hotfix updates for IntelliSpace Cardiovascular when available from Philips service support
HOTFIX: Apply Philips software hotfix updates for Xcelera when available from Philips service support
Long-term hardening
HARDENING: Implement network segmentation to limit access to cardiac imaging and information management systems from clinical workstations only
CVEs (1)