Philips IntelliVue WLAN

Monitor6.4ICS-CERT ICSMA-19-255-01Sep 12, 2019

Attack VectorAdjacent

Auth RequiredHigh

ComplexityHigh

User InteractionNone needed

Summary

Philips IntelliVue WLAN modules (Version A and Version B) contain vulnerabilities (CWE-259 hardcoded credentials, CWE-494 unsigned firmware) that allow an attacker with wireless network access to corrupt the WLAN firmware. The module lacks proper validation of firmware updates or integrity checks, allowing successful exploitation without prior authentication. Successful exploitation causes the WLAN module to become inoperative, triggering an "inoperative condition" alert at both the bedside monitor and the Central Station, preventing wireless transmission of vital signs data. Affected products are IntelliVue MX800/700/600 (WLAN Version B, Firmware A.01.09), IntelliVue MP2/X2 (WLAN Version B, Firmware A.01.09), IntelliVue MP5/5SC (WLAN Version A, Firmware A.03.09), and IntelliVue MP20-MP90 (WLAN Version A, Firmware A.03.09).

What this means

What could happen

An attacker with wireless network access could corrupt the WLAN module firmware on Philips IntelliVue patient monitors, causing them to go offline and preventing vital signs from being transmitted to central monitoring stations. This could delay detection of critical patient events and disrupt continuous monitoring workflows.

Who's at risk

Hospital and clinical environments deploying Philips IntelliVue patient monitors with WLAN connectivity, including emergency departments, ICUs, operating rooms, and telemetry wards. Specifically affects: MX800/700/600 series with WLAN Version B, MP2/X2 bedside monitors with WLAN Version B, MP5/5SC with WLAN Version A, and MP20-MP90 portable monitors with WLAN Version A. Any facility relying on wireless vital signs transmission to central monitoring stations is at risk of losing real-time patient visibility if WLAN modules are corrupted.

How it could be exploited

An attacker on the wireless network sends a malformed firmware update or packet to the WLAN module. The module lacks proper validation of firmware integrity or update authenticity, allowing the attacker to corrupt the firmware without needing to authenticate. The monitor then becomes inoperative, losing WLAN connectivity and alerting at the bedside and central station.

Prerequisites

Wireless network access to the facility network where monitors are deployed
WLAN module must be Version A (firmware A.03.09) or Version B (firmware A.01.09)
High privileges on the WLAN module required to initiate firmware corruption (administrator or engineering access)
Wireless network authentication (WPA2) may be present, but module does not validate firmware updates
Physical proximity to wireless network or network route to affected monitors

Remotely exploitable over wireless networkHigh privilege requirement but module does not authenticate firmware updatesAffects patient safety monitoring systemsNo vendor patch available for WLAN Version A; hardware replacement required for Version BLow exploit complexity once network access obtainedOlder firmware versions lack update integrity validation

Exploitability

Low exploit probability (EPSS 0.2%)

Affected products (4)

4 pending

ProductAffected VersionsFix Status

IntelliVue MP monitors MX800/700/600 ((865240/41/42) WLAN:Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C)No fix yet

IntelliVue MP monitors MP2/X2 (M8102A/M3002A) WLAN:Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C)No fix yet

IntelliVue MP monitors MP5/5SC (M8105A/5AS) WLAN:Version A, Firmware A.03.09, Part #: M8096-67501No fix yet

IntelliVue MP monitors MP20-MP90 (M8001A/2A/3A/4A/5A/7A/8A/10A) WLAN:Version A, Firmware A.03.09No fix yet

Remediation & Mitigation

0/6

Do now

0/2

HARDENINGEnable WPA2 authentication on wireless network if not already enabled

WORKAROUNDImplement firewall rule to block FTP access to wireless network segment containing monitors

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXReplace WLAN Version B module with WLAN Version C module (firmware B.00.31 or later) on affected MX800/700/600 and MP2/X2 monitors

HOTFIXInstall WLAN Version A firmware patch from Philips (estimated available end of 2019) on affected MP5/5SC and MP20-MP90 monitors

HARDENINGImplement role-based access controls to restrict physical access to IntelliVue monitors and WLAN modules

Long-term hardening

0/1

HARDENINGReview and follow Philips Security for Clinical Networks Guide and IntelliVue Network Configuration Guide for additional wireless security hardening

CVEs (2)

CVE-2019-13530 CVE-2019-13534

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/ebd19524-e10c-4e83-b235-f8dc352c21a3