Philips Intellispace Portal ISP Vulnerabilities
Act Now · 9.8 · ICS-CERT ICSMA-18-058-02 · Feb 27, 2018
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Philips IntelliSpace Portal versions 7.0.x and 8.0.x contain multiple critical vulnerabilities in input validation (CWE-20), authentication (CWE-269, CWE-295), and insecure cryptographic practices (CWE-327) that allow unauthenticated remote attackers to execute arbitrary code, intercept sensitive data, and cause denial of service. These vulnerabilities are actively exploited in the wild with a 94.3% likelihood of exploitation.
What this means
What could happen
An attacker could execute arbitrary code on Philips IntelliSpace Portal systems, potentially accessing patient data, altering medical alerts or monitoring configurations, or disrupting clinical operations. They could also intercept sensitive health information in transit.
Who's at risk
Healthcare facilities operating Philips IntelliSpace Portal systems should prioritize this. The portal is used for centralized monitoring and management of patient data across ICUs, wards, and critical care areas. Any compromise affects the integrity of clinical decision-making and patient safety monitoring.
How it could be exploited
An attacker on the network can exploit multiple input validation and authentication flaws (CWE-20, CWE-269, CWE-295) without credentials or user interaction to gain code execution directly on the portal server. Once inside, they can modify clinical data, disable monitoring, or launch further attacks on connected medical devices.
Prerequisites
- Network access to IntelliSpace Portal (port 443 or 80 if enabled)
- No credentials required
- No user interaction needed
Remotely exploitable · No authentication required · Low complexity attack · Actively exploited (KEV) · Very high EPSS score (94.3%) · No patch available · Affects patient safety systems · Multiple critical weaknesses (CWE-20, CWE-295, CWE-269)
Exploitability
Actively exploited — confirmed by CISA KEV
Affected products (2)
2 EOL
Product | Affected Versions | Fix Status
IntelliSpace Portal 8.0.x: * | All versions | No fix (EOL)
IntelliSpace Portal 7.0.x: * | All versions | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Isolate Philips IntelliSpace Portal systems from the general hospital network using a dedicated VLAN with strict firewall rules—only allow authenticated staff access from trusted workstations
- WORKAROUND: Block inbound network connections to IntelliSpace Portal from any non-essential sources and disable remote access unless absolutely required
- HARDENING: Implement network segmentation to prevent the portal from reaching other clinical systems or databases in case of compromise
- HOTFIX: Contact Philips to determine if a patch or firmware update is available, or if replacement/upgrade to a supported version is necessary
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Enable all available authentication mechanisms and enforce strong passwords on all portal user accounts
- HARDENING: Monitor IntelliSpace Portal logs and network traffic for signs of exploitation attempts
CVEs (35)
CVE-2018-5474, CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0148, CVE-2017-0272, CVE-2017-0277, CVE-2017-0278, CVE-2017-0279, CVE-2017-0269, CVE-2017-0273, CVE-2017-0280, CVE-2017-0147, CVE-2017-0267, CVE-2017-0268, CVE-2017-0270, CVE-2017-0271, CVE-2017-0274, CVE-2017-0275, CVE-2017-0276, CVE-2018-5472, CVE-2018-5468, CVE-2017-0199, CVE-2005-1794, CVE-2018-5470, CVE-2018-5454, CVE-2018-5458, CVE-2018-5462, CVE-2018-5464, CVE-2018-5466, CVE-2011-3389, CVE-2004-2761, CVE-2014-3566, CVE-2016-2183