Philips Veradius Unity, Pulsera, and Endura Dual WAN Routers

MonitorCVSS 5.3ICS-CERT ICSMA-19-353-01Dec 19, 2019

Philips

Attack path

Attack VectorAdjacent

Auth RequiredNone

ComplexityHigh

User InteractionNone needed

Summary

Philips Veradius Unity (model 718132), Pulsera (model 718095), and Endura (model 718075) Dual WAN routers with wireless or ViewForum options are vulnerable to a management interface compromise (CWE-326: Inadequate Encryption Strength). Successful exploitation by an adjacent attacker could disrupt the availability of data transfer via wireless communication. Units shipped between August 2016 and August 2018 are affected. Exploitation requires high skill level and physical/adjacent network proximity. Philips has stated no fix will be provided but offers a configuration update as a workaround.

What this means

What could happen

An attacker with physical or adjacent network access could disrupt wireless data transfer through the Dual WAN router's management interface, potentially preventing remote monitoring and control of clinical devices connected through these routers.

Who's at risk

Healthcare facility IT and biomedical teams managing Philips Veradius Unity, Pulsera, and Endura Dual WAN routers used for wireless connectivity and remote monitoring of clinical devices. Routers shipped between 2016 and August 2018 with wireless or ViewForum options are at risk.

How it could be exploited

An attacker on the adjacent network (e.g., hospital WiFi or directly connected to router) could exploit a weakness in the wireless or ViewForum option to compromise the management interface and cause the router to become unavailable. The attacker does not need valid credentials but must have physical proximity or network adjacency to the device.

Prerequisites

Physical or adjacent network access to the Dual WAN router
The router must have the wireless option or ViewForum option enabled
High skill level required to execute the exploit

No patch availableAffects remote monitoring infrastructureRequires high skill level to exploitNo known public exploitsNot remotely exploitable

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (4)

4 pending

ProductAffected VersionsFix Status

Pulsera (718095) and Endura (718075): with wireless option (shipped between 26-June-2017 through 07-August 2018)with wireless option (shipped between 26-June-2017 through 07-August 2018)No fix yet

Veradius Unity (718132): with ViewForum option (shipped between 2016-August 2018)with ViewForum option (shipped between 2016-August 2018)No fix yet

Veradius Unity (718132): with wireless option (shipped between 2016-August 2018)with wireless option (shipped between 2016-August 2018)No fix yet

Pulsera (718095) and Endura (718075): with ViewForum option (shipped between 26-June-2017 through 07-August 2018)with ViewForum option (shipped between 26-June-2017 through 07-August 2018)No fix yet

Remediation & Mitigation

0/5

Do now

0/2

WORKAROUNDContact Philips support to obtain and apply the configuration update for the Dual WAN router if your device has the wireless or ViewForum option

HARDENINGRestrict physical and network access to the Dual WAN router management interface to authorized personnel only

Schedule — requires maintenance window

0/2

Patching may require device reboot — plan for process interruption

HARDENINGDisable the wireless or ViewForum option if not required for clinical operations

HARDENINGDisable any unnecessary accounts and services on the management interface

Long-term hardening

0/1

HARDENINGApply defense-in-depth strategies including network segmentation to isolate the router from untrusted networks

CVEs (1)

CVE-2019-18263

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/1560c22f-3401-440b-af91-1e623221988f

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.