Philips IntelliSpace Cardiovascular Vulnerabilities
Severity: Monitor (4.2)
Advisory: ICS-CERT ICSMA-18-226-01, Aug 14, 2018
Attack Vector: Local
Auth Required: High
Complexity: Low
User Interaction: None needed
Summary
Privilege escalation vulnerability in Philips IntelliSpace Cardiovascular (ISCV) and Xcelera servers. An attacker with local access and user-level privileges can escalate to higher privileges and execute arbitrary code on the system.
What this means
What could happen
An attacker with local access to the cardiovascular imaging server could gain administrative control and execute arbitrary commands, potentially modifying patient data, altering image analysis results, or disrupting clinical operations.
Who's at risk
Hospital cardiology departments and imaging centers using Philips IntelliSpace Cardiovascular or Xcelera systems should assess this risk. These are cardiovascular imaging analysis servers used for clinical diagnosis and treatment planning.
How it could be exploited
An attacker with user-level credentials and local access to the ISCV or Xcelera server exploits a privilege escalation flaw to gain administrative privileges, then executes arbitrary code to compromise the system.
Prerequisites
- Local access to the ISCV or Xcelera server
- Valid user-level credentials on the server
- No network exploitation capability; requires hands-on or remote desktop access
- No patch available for affected versions
- Local access required
- Requires valid user credentials
- Affects clinical diagnostic systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (2)
1 with fix, 1 EOL
Product                      Affected Versions   Fix Status
IntelliSpace Cardiovascular  ≤ 3.1               3.2
Xcelera                      ≤ 4.1               No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Contact Philips service support to discuss interim mitigation options and upgrade schedule for your specific configuration
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade IntelliSpace Cardiovascular to version 3.2 when available (scheduled October 2018)
HARDENING: Enable and monitor server audit logs for privilege escalation attempts and unauthorized administrative activity
Mitigations - no patch available
Xcelera has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENING: Restrict local access to ISCV and Xcelera servers to authorized clinical and IT personnel only; remove unnecessary user accounts
HARDENING: Implement physical access controls and badge/key access restrictions to server rooms housing ISCV/Xcelera systems
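The two hardening items above (monitor audit logs for privilege escalation and unauthorized administrative activity; restrict local access and remove unnecessary accounts) can be checked with a small review script. The following is an added example, not code from the advisory or from Philips. It assumes the servers are Windows hosts whose Security log has been exported to one-event-per-line text in a simple `EventID=... Subject=... Target=...` layout (an assumed export format), and all account names and log lines are constructed sample data. The event IDs themselves (4672, 4720, 4728, 4732) are real Windows Security event IDs.

```python
"""Local-access review for a cardiovascular imaging server (added example).

Part 1 reconciles local accounts and Administrators-group members against an
allowlist of authorized clinical/IT staff.  Part 2 scans exported Security
audit log lines for events that commonly accompany privilege escalation.
Assumptions: Windows host, the line layout below, and constructed sample data.
"""
from dataclasses import dataclass
import re

# Real Windows Security event IDs worth alerting on for this advisory's risk.
ESCALATION_EVENTS = {
    4672: "special privileges assigned to new logon",
    4720: "user account created",
    4728: "member added to security-enabled global group",
    4732: "member added to security-enabled local group",
}


@dataclass(frozen=True)
class Finding:
    kind: str      # e.g. "unexpected_admin" or "event_4732"
    subject: str   # account the finding concerns
    detail: str


def _norm(names):
    # Windows account names are case-insensitive, so compare lower-cased.
    return {n.lower() for n in names}


def review_accounts(local_accounts, admin_members, authorized, authorized_admins):
    """Flag accounts missing from the allowlist and admin members who are not
    approved administrators (the 'remove unnecessary user accounts' control)."""
    findings = []
    for acct in sorted(_norm(local_accounts) - _norm(authorized)):
        findings.append(Finding("unexpected_account", acct,
                                "not in authorized list; review and remove"))
    for acct in sorted(_norm(admin_members) - _norm(authorized_admins)):
        findings.append(Finding("unexpected_admin", acct,
                                "in Administrators group but not approved"))
    return findings


# Assumed export layout: "<timestamp> EventID=<n> Subject=<acct> [Target=<acct>]"
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+EventID=(?P<eid>\d+)\s+Subject=(?P<subj>\S+)"
    r"(?:\s+Target=(?P<target>\S+))?")


def scan_audit_log(lines, expected_privileged):
    """Return findings for escalation-related events.  A 4672 (privileged
    logon) from an approved admin or service account is normal noise and is
    skipped; account creation and group-membership changes are always flagged."""
    expected = _norm(expected_privileged)
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected layout; ignore rather than crash
        eid = int(m["eid"])
        if eid not in ESCALATION_EVENTS:
            continue
        subj = m["subj"].lower()
        if eid == 4672 and subj in expected:
            continue
        detail = ESCALATION_EVENTS[eid]
        if m["target"]:
            detail += f" (target {m['target']})"
        findings.append(Finding(f"event_{eid}", subj, detail))
    return findings


# Constructed sample data (not real accounts or real log output).
SAMPLE_ACCOUNTS = ["Administrator", "svc_iscv", "dr.jones", "tech01", "temp_vendor"]
SAMPLE_ADMINS = ["Administrator", "svc_iscv", "tech01"]
AUTHORIZED = ["Administrator", "svc_iscv", "dr.jones", "tech01"]
AUTHORIZED_ADMINS = ["Administrator", "svc_iscv"]
SAMPLE_LOG = [
    "2018-08-14T09:00:01 EventID=4624 Subject=dr.jones",           # ordinary logon
    "2018-08-14T09:00:05 EventID=4672 Subject=svc_iscv",           # expected noise
    "2018-08-14T09:15:22 EventID=4672 Subject=dr.jones",           # unexpected
    "2018-08-14T09:15:40 EventID=4732 Subject=dr.jones Target=dr.jones",
    "malformed line that the parser should skip",
]


def run_review():
    """Run both checks over the sample data and return all findings."""
    return (review_accounts(SAMPLE_ACCOUNTS, SAMPLE_ADMINS, AUTHORIZED, AUTHORIZED_ADMINS)
            + scan_audit_log(SAMPLE_LOG, AUTHORIZED_ADMINS))


if __name__ == "__main__":
    for f in run_review():
        print(f"{f.kind:20} {f.subject:14} {f.detail}")
```

Run it as-is to see the four findings from the sample data; in practice you would feed `review_accounts` the output of a local-account and group-membership query and `scan_audit_log` a line-per-event export of the Security log, after adapting `LOG_RE` to the export format you actually use.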
CVEs (1)