OTPulse

Philips HDI 4000 Ultrasound

Risk: Low (3)
Advisory: ICS-CERT ICSMA-19-241-02
Published: Aug 29, 2019
Attack Vector: Local
Auth Required: High
Complexity: High
User Interaction: None needed
Summary

Philips HDI 4000 Ultrasound Systems running Windows 2000 contain a local vulnerability (CWE-477) that could allow privileged users to read or modify stored ultrasound images. The vulnerability affects confidentiality and integrity of image data but does not impact device availability or patient safety. The HDI 4000 reached end of support on December 31, 2013 and will not receive security updates from Philips.

What this means
What could happen
An attacker with local access could view stored ultrasound images or alter image data, exposing patient privacy and potentially compromising diagnostic accuracy. Patient safety and device availability are not affected.
Who's at risk
Healthcare providers operating Philips HDI 4000 ultrasound systems, particularly radiology and sonography departments that rely on this equipment for diagnostic imaging. This impacts organizations that have not yet retired these legacy devices from the field.
How it could be exploited
An attacker with physical or local network access to the HDI 4000 system could exploit a local vulnerability in the Windows 2000 operating system to read or modify stored ultrasound image files. This requires high privilege access on the device itself.
Prerequisites
  • Local access to the HDI 4000 system (physical or direct network connection)
  • High privilege / administrative credentials on the device
  • Knowledge of vulnerable operating system features (Windows 2000)
Tags: no patch available · legacy/unsupported operating system (Windows 2000) · local access required · end-of-life product
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product | Affected Versions | Fix Status
HDI 4000 Ultrasound Systems | All*, running on old, unsupported operating systems such as Windows 2000 | No fix (EOL)
Remediation & Mitigation
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HARDENING: Implement network access controls to limit connectivity to the HDI 4000; restrict access to authorized clinical staff only.
Mitigations - no patch available
HDI 4000 Ultrasound Systems (all versions) have reached End of Life. The vendor will not release a patch. Apply the following compensating control:
HARDENING: Replace the HDI 4000 with a current-generation ultrasound system running a supported, modern operating system.