Philips IntelliBridge EC40/80 (Update A)

Monitor6.3ICS-CERT ICSMA-19-318-01Nov 14, 2019

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The IntelliBridge EC40/80 hub contains a cryptographic weakness (CWE-326) that allows attackers with network access to the device to gain unauthorized access. Successful exploitation may allow an attacker to execute software, modify system configuration, or access files including patient data.

What this means

What could happen

An attacker with network access to the IntelliBridge hub could modify system configuration or access patient health records. This could disrupt connected medical device monitoring and compromise patient privacy.

Who's at risk

Healthcare facilities using Philips IntelliBridge EC40 or EC80 hubs for central patient monitoring should prioritize this. These hubs aggregate vital signs and other patient data from bedside monitors across a ward or unit. All versions are affected.

How it could be exploited

An attacker on the network segment containing the IntelliBridge hub can exploit the weak cryptography to gain unauthorized access to the device without credentials. Once accessed, the attacker can execute commands, change settings, or exfiltrate patient data stored on the hub.

Prerequisites

Network access to the IntelliBridge EC40/80 hub
Device must be powered on and connected to network

Remotely exploitableNo authentication requiredLow complexity attackNo patch currently availableAffects patient safety and privacy systemsAffects sensitive health data

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

IntelliBridge EC80 Hub: all versionsAll versionsNo fix (EOL)

IntelliBridge EC40 Hub: all versionsAll versionsNo fix (EOL)

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDContact Philips service support for guidance on your specific EC40/80 device configuration and interim mitigation options

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXPlan for patched version deployment once Philips releases Q3 2020 update

Mitigations - no patch available

0/2

The following products have reached End of Life with no planned fix: IntelliBridge EC80 Hub: all versions, IntelliBridge EC40 Hub: all versions. Apply the following compensating controls:

HARDENINGImplement network segmentation to restrict access to the IntelliBridge hub to only authorized clinical engineering or IT personnel

HARDENINGMonitor network traffic to and from the IntelliBridge hub for unauthorized access attempts

CVEs (1)

CVE-2019-18241

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/f92a8080-dcc0-461f-ab24-08f2f7d3ff2a