Philips SureSigns VS4

Low RiskCVSS 2.1ICS-CERT ICSMA-20-233-01Aug 20, 2020

Philips

Attack path

Attack VectorPhysical

Auth RequiredLow

ComplexityLow

User InteractionNone needed

Summary

Successful exploitation of this vulnerability could allow an attacker to access administrative controls and system configurations on the Philips SureSigns VS4 patient monitor. An attacker with administrative access could alter system configuration items, causing patient vital signs data to be sent to a remote, unauthorized destination. The SureSigns VS4 (firmware A.07.107 and prior) has no vendor fix available. Philips recommends changing all system passwords to unique values and securing the device physically when not in use. Philips also recommends users consider replacing the device with newer technology.

What this means

What could happen

An attacker with local or network access to an unsecured SureSigns VS4 monitor could change administrative passwords and system configurations, potentially redirecting patient vital signs data to an unauthorized remote destination.

Who's at risk

Hospital and clinical facilities using Philips SureSigns VS4 patient monitors should prioritize this vulnerability. The SureSigns VS4 is a bedside patient monitor commonly used in ICUs, cardiac care units, and general patient monitoring; compromised units could cause patient data breaches and loss of data integrity during critical care.

How it could be exploited

An attacker would need to gain access to the device's administrative interface, either through local physical access, network access to an unprotected port, or by exploiting weak default credentials. Once access is obtained, the attacker could modify system settings and redirect patient data streams.

Prerequisites

Physical or network access to the SureSigns VS4 device
Ability to reach the device's administrative interface
Low privilege or default credentials (if present)

No patch availablePatient data exposureAdministrative access compromiseEnd-of-life device status

Exploitability

Unlikely to be exploited — EPSS score 0.1%

Affected products (1)

ProductAffected VersionsFix Status

SureSigns: VS4 A.07.107 and prior≤ S4 A.07.107No fix yet

Remediation & Mitigation

0/4

Do now

0/2

WORKAROUNDChange all system passwords on the SureSigns VS4 device to unique, strong passwords for each device

HARDENINGSecure the device physically when not in use to prevent unauthorized local access

Long-term hardening

0/2

HARDENINGImplement network segmentation to restrict unauthorized access to the SureSigns VS4 administrative interface

HARDENINGPlan replacement of SureSigns VS4 devices with newer Philips patient monitor models that have improved security

CVEs (1)

CVE-2020-16237

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/67b4cd07-018e-45b6-8298-217540e83752

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.