Philips IntelliVue Information Center iX (Update B)

Act Now | CVSS 5.7 | ICS-CERT ICSMA-18-233-01 | Aug 21, 2018
Philips
Attack path
Attack Vector: Adjacent
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

The IntelliVue Information Center iX (B.02) contains a network handling vulnerability (CWE-400) that can be exploited to cause a denial of service. An attacker sending malicious network traffic can render the operating system unresponsive, preventing the application from displaying patient monitoring data. Philips has committed to releasing a patch by end of November 2018. Until then, users should follow the compensating controls documented in the device labeling and service guides.

What this means
What could happen
An attacker on the local network could send malicious network traffic that causes the IntelliVue Information Center to stop responding, disrupting your ability to monitor patient vital signs and clinical data from connected medical devices.
Who's at risk
Healthcare facilities that rely on the Philips IntelliVue Information Center iX (B.02) for bedside and centralized patient monitoring. This includes acute care hospitals, critical care units, and any facility where continuous monitoring of vital signs is essential to patient safety.
How it could be exploited
An attacker with access to the local network sends specially crafted network packets to the IntelliVue Information Center. The system fails to properly validate or rate-limit incoming network connections, causing the operating system to become unresponsive and freeze the application.
Prerequisites
  • Network access to the local network segment where the IntelliVue Information Center is connected
  • Low-level network access privileges (no credentials required to send network packets)
  • Remotely exploitable over local network
  • Low authentication complexity
  • Affects clinical monitoring systems
  • Causes denial of service to critical patient data
  • EPSS score 43.7% (moderate exploitation likelihood)
Exploitability
Likely to be exploited — EPSS score 45.8%
Metasploit module available — weaponized exploit
Affected products (1)
Product: IntelliVue Information Center iX
Affected Versions: B.02
Fix Status: patch by end of November 2018
Remediation & Mitigation
Do now
WORKAROUND: Follow compensating controls in the device's labeling and service guide, as recommended by Philips
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Install the Philips patch when available (scheduled for end of November 2018)
Long-term hardening
HARDENING: Segment the IntelliVue Information Center on a dedicated network or VLAN to limit access from untrusted network segments