Philips IntelliSpace Perinatal
CVSS 6.1 | ICS-CERT ICSMA-19-297-01 | Oct 24, 2019
Attack Vector: Local
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Successful exploitation of this vulnerability may allow an attacker with local system access unauthorized access to system resources, including execution of software and reading or updating files, directories, and system configuration. This could impact confidentiality and integrity of the system and application. If the Document Export (DOX) function is installed on the application server, protected health information (PHI) may be exposed.
What this means
What could happen
An attacker with local system access could read sensitive files and system configuration, potentially exposing patient health information and compromising system integrity on the perinatal monitoring application.
Who's at risk
Hospitals and perinatal care facilities using Philips IntelliSpace Perinatal for fetal monitoring and maternal health tracking. Clinical staff and system administrators with access to the application server are at risk of exposing or accidentally accessing patient health information. Affected organizations should prioritize this device if patient privacy compliance is critical (HIPAA/GDPR).
How it could be exploited
An attacker with local user credentials on the IntelliSpace Perinatal system could exploit the vulnerability to access system resources, read protected files, execute code, or modify system settings. If the Document Export (DOX) function is enabled, patient health information stored on the application server could be exposed.
Prerequisites
- Local system access (local user account or physical console access)
- Valid user credentials on the IntelliSpace Perinatal system
- Document Export (DOX) function installed and enabled on the application server (for PHI exposure risk)
- Requires local system access (lower remote risk)
- Low complexity exploitation
- No patch available for end-of-life version
- Protected health information at risk if DOX enabled
- Medium CVSS severity
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| IntelliSpace Perinatal | ≤ K | No fix (EOL) |
Remediation & Mitigation
Do now
- WORKAROUND: Disable the Document Export (DOX) function if it is not required for clinical operations to reduce the risk of patient health information exposure
- HARDENING: Restrict local system access to IntelliSpace Perinatal servers by limiting user accounts and implementing strict authentication controls
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HARDENING: Monitor user activity and file access logs on the IntelliSpace Perinatal system for unauthorized access attempts
- HARDENING: Review and update access controls to ensure only authorized clinical and administrative staff have local system access
- HOTFIX: Plan for upgrade to next minor product update (end of 2020) when Philips releases remediation
CVEs (1)