Philips Patient Monitoring Devices (Update C)
Monitor · 6.8 · ICS-CERT ICSMA-20-254-01 · Sep 10, 2020
Attack Vector: Physical
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Multiple Philips patient monitoring devices contain vulnerabilities in certificate validation, authentication, and input handling (CWE-287, CWE-299, CWE-20, CWE-79, CWE-130, CWE-1236, CWE-1286, CWE-668). These affect Patient Information Center iX (PICiX) versions B.02, C.02, C.03; PerformanceBridge Focal Point A.01; and IntelliVue monitors (MX100, MX400-MX850, MP2-MP90, X2, X3). Successful exploitation requires either physical access to monitors and surveillance stations or access to the medical device network, and could result in unauthorized access, interrupted monitoring, and unauthorized collection of patient data.
What this means
What could happen
An attacker with network or physical access could bypass authentication, disrupt patient monitoring, or steal sensitive patient data from surveillance stations and bedside monitors. This could delay clinical decision-making and expose protected health information.
Who's at risk
Healthcare facilities operating Philips IntelliVue patient monitors (MX100, MX400-MX850, MP2-MP90, X2, X3) and Patient Information Center iX (PICiX) surveillance stations. Clinical engineering and IT staff responsible for medical device networks, ICU/cardiac monitoring units, and patient data security should prioritize network isolation and access controls.
How it could be exploited
An attacker on the medical device network (or with physical access to a monitor/surveillance station) could exploit weak certificate validation, lack of authentication enforcement, or configuration weaknesses to gain unauthorized access to the monitoring system. From there, they could alter readings, interrupt monitoring feeds, or extract patient information.
Prerequisites
- Access to the medical device network OR physical access to IntelliVue patient monitors and PIC iX surveillance stations
- No valid credentials required for some attack vectors
- SCEP service running (if exploiting certificate enrollment)
- No authentication required for some attack vectors
- Low complexity exploitation
- Access to sensitive patient data (PII/PHI)
- Affects patient safety monitoring systems
- Multiple Philips products affected
- Some products have no patches available
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (9)
5 with fix, 4 pending

| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Patient Information Center iX (PICiX): B.02 | B.02 | No fix yet |
| Patient Information Center iX (PICiX): C.02 | C.02 | No fix yet |
| Patient Information Center iX (PICiX): C.03 | C.03 | No fix yet |
| PerformanceBridge Focal Point: A.01 | A.01 | No fix yet |
| IntelliVue patient monitor MX100: <=N | ≤ N | N.00 and N.01 |
| IntelliVue patient monitor MX400-MX850: <=N.0 | ≤ N | N.00 and N.01 |
| IntelliVue X2: <=N | ≤ N | N.00 and N.01 |
| IntelliVue X3: <=N | ≤ N | N.00 and N.01 |
Remediation & Mitigation
Do now
- HARDENING: Physically or logically isolate the patient monitoring network from the hospital LAN using firewalls or routers with access control lists
- WORKAROUND: Disable the SCEP service unless actively enrolling new devices
- HARDENING: When using SCEP for device enrollment, require unique 8-12 character randomized challenge passwords
- HARDENING: Implement physical security controls (locked data centers, controlled access at nurses' stations) to prevent unauthorized access to servers and monitors
- HARDENING: Restrict remote access to PIC iX servers to only essential personnel and use role-based least-privilege login policies
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
- HOTFIX: Upgrade Patient Information Center iX to Version C.03 or later
- HOTFIX: Upgrade IntelliVue Patient Monitors to Version N.00 or N.01 (or contact Philips support for Version M.04 upgrade path)
CVEs (8)