Philips Ultrasound Systems
Low Risk 3.6 · ICS-CERT ICSMA-20-177-01 · Jun 25, 2020
Attack Vector: Local
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary
Philips Ultrasound systems contain a weakness in local authentication mechanisms (CWE-288) that allows a non-authenticated attacker with local access to view or modify information on the device. Affected models include Ultrasound ClearVue (versions 3.2 and earlier), Ultrasound Xperius (all versions), Ultrasound CX (versions 5.0.2 and earlier), Ultrasound EPIQ/Affiniti (versions VM5.0 and earlier), and Ultrasound Sparq (versions 3.0.2 and earlier).
What this means
What could happen
An attacker with local physical access to an Ultrasound system could view or modify patient data and system settings without authentication, potentially compromising diagnostic accuracy or patient privacy.
Who's at risk
Healthcare facilities using Philips Ultrasound diagnostic imaging systems, including cardiology, radiology, and obstetrics departments. Affected equipment includes ClearVue, Xperius, CX, EPIQ, Affiniti, and Sparq models used for patient diagnostic imaging.
How it could be exploited
An attacker with local physical access to an Ultrasound system can exploit weak authentication mechanisms to view or modify system information and settings. This requires being physically present at the device console.
Prerequisites
- Physical access to the Ultrasound system console
- No valid credentials required
- No authentication required for local access
- Low complexity exploitation
- Affects healthcare equipment handling patient data
- No patch available for most product lines
Exploitability
Low exploit probability (EPSS 0.0%)
Affected products (5)
1 with fix · 4 EOL
Product | Affected Versions | Fix Status
Ultrasound ClearVue | ≤ 3.2 | No fix (EOL)
Ultrasound Xperius | All versions | No fix (EOL)
Ultrasound CX | ≤ 5.0.2 | No fix (EOL)
Ultrasound EPIQ/Affiniti | ≤ VM5.0 | VM6.0
Ultrasound Sparq | ≤ 3.0.2 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: For all affected systems, implement procedural controls ensuring service providers verify and validate device integrity during all service and repair operations.
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption.
HOTFIX: For EPIQ/Affiniti systems, upgrade to Version VM6.0 or later by contacting Philips service support.
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Ultrasound ClearVue, Ultrasound Xperius (all versions), Ultrasound CX, Ultrasound Sparq. Apply the following compensating controls:
HARDENING: Implement physical access controls to restrict unauthorized personnel from directly accessing Ultrasound system consoles.
CVEs (1)