Philips Interventional Workstations
Monitor | 6.5 | ICS-CERT ICSMA-21-019-01 | Jan 19, 2021
Attack Vector: Adjacent
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
Philips Interventional Workspot, ViewForum, and Coronary Tools contain a vulnerability in the IPMI (Intelligent Platform Management Interface) that allows an attacker on the hospital network to remotely shut down or restart the workstation. The IPMI interface uses weak or unchanged default credentials. An attacker with network access can authenticate and issue a shutdown command, forcing physicians to rely on degraded diagnostic imaging from the X-ray system alone.
What this means
What could happen
An attacker on the hospital network could remotely shut down or restart an Interventional Workstation, interrupting interventional procedures and forcing physicians to fall back to older diagnostic imaging methods.
Who's at risk
Hospital interventional radiology and cardiology departments operating Philips Interventional Workspot systems. Clinicians and hospital IT staff should prioritize this—procedure interruptions directly impact patient care delivery.
How it could be exploited
An attacker with network access to the workstation discovers that the IPMI (Intelligent Platform Management Interface) interface uses a weak or unchanged default password. The attacker authenticates to IPMI and issues a shutdown or reboot command to the workstation.
Prerequisites
- Network access to IPMI port (typically 623 UDP or 5900+ TCP variants)
- Default or weak IPMI credentials not changed from factory defaults
- Attacker must be on the same network as the workstation (adjacent network access, not remotely exploitable from the internet)
- affects clinical workflow (procedure interruption)
- default credentials (IPMI typically ships with default password)
- adjacent network access required but common in hospital environment
- low complexity exploitation (password change and shutdown command)
- medium CVSS score (6.5)
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (3)
3 pending
Product | Affected Versions | Fix Status
Interventional Workspot | Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5 | No fix yet
ViewForum | Release 6.3V1L10 | No fix yet
Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live | Release 1.0 | No fix yet
Remediation & Mitigation
Do now
WORKAROUND: Change the IPMI password for each Interventional Workstation from the default to a strong, unique password and restrict IPMI management port access via firewall rules
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Contact Philips service support to schedule a service visit and apply the official software patch (reference FCO 2019-IGTBST-014)
Long-term hardening
HARDENING: Implement network segmentation to isolate clinical workstations from general hospital IT networks and restrict management access to authorized IT personnel only
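One way to verify the firewall and segmentation mitigations above from flow logs, as an added example that is not part of the advisory or any Philips tooling: it flags traffic to the IPMI port (623/UDP) on workstation addresses from sources outside an authorized management network. The log format, all addresses and the `audit_ipmi_flows` name are assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed addresses (RFC 1918 private range), not taken from the advisory.
WORKSTATIONS = {ipaddress.ip_address("10.20.30.11"), ipaddress.ip_address("10.20.30.12")}
MGMT_NETS = [ipaddress.ip_network("10.20.99.0/28")]  # authorized IT management hosts
IPMI_PORTS = {("udp", 623)}                           # IPMI port named in the advisory

# Constructed flow-log sample: timestamp,src,dst,proto,dport,action
SAMPLE_FLOWS = """\
2021-01-19T08:00:01Z,10.20.99.5,10.20.30.11,udp,623,allow
2021-01-19T08:02:17Z,10.20.40.77,10.20.30.11,udp,623,allow
2021-01-19T08:02:19Z,10.20.40.77,10.20.30.12,udp,623,deny
2021-01-19T08:05:00Z,10.20.40.77,10.20.30.11,tcp,443,allow
2021-01-19T08:06:30Z,10.20.99.300,10.20.30.11,udp,623,allow
"""


def audit_ipmi_flows(text):
    """Return (findings, malformed) for flows that target IPMI on a
    workstation from a source outside the management networks."""
    findings, malformed = [], 0
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        try:
            ts, src, dst, proto, dport, action = row
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            key = (proto.strip().lower(), int(dport))
        except ValueError:  # wrong field count, bad address or bad port
            malformed += 1
            continue
        if dst_ip not in WORKSTATIONS or key not in IPMI_PORTS:
            continue
        if any(src_ip in net for net in MGMT_NETS):
            continue  # authorized management host
        # "allow" means the restricting rule is missing; "deny" means the rule
        # works but an unauthorized host is still reaching for the port.
        severity = "rule-gap" if action.strip().lower() == "allow" else "blocked-attempt"
        findings.append({"time": ts, "src": src, "dst": dst, "severity": severity})
    return findings, malformed


if __name__ == "__main__":
    results, bad_lines = audit_ipmi_flows(SAMPLE_FLOWS)
    for f in results:
        print(f["severity"], f["time"], f["src"], "->", f["dst"])
    print("malformed lines skipped:", bad_lines)
```

A `rule-gap` finding means the firewall restriction is not in effect for that path; a `blocked-attempt` finding means it is, and the source host is worth investigating.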
CVEs (1)