OTPulse

Philips Interoperability Solution XDS

Risk: Low (CVSS 3.7)
Source: ICS-CERT ICSMA-21-175-01
Published: Jun 24, 2021
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 contain a cleartext transmission vulnerability (CWE-319) in LDAP credential handling. An attacker with network access could read LDAP system credentials from traffic if the system is configured to use LDAP via TLS with domain controller referrals enabled. The vulnerability has high attack complexity and low probability of exploitation. No public exploits are known.

What this means
What could happen
An attacker with network access could read LDAP system credentials used for authentication, potentially gaining unauthorized access to the healthcare IT network. This applies only to configurations using LDAP with TLS and LDAP referrals enabled.
Who's at risk
Philips Interoperability Solution XDS used in healthcare IT environments for data exchange. Affects any installation using LDAP authentication with TLS and referrals enabled, particularly in hospital networks where XDS coordinates clinical data between systems.
How it could be exploited
An attacker on the network between the XDS system and LDAP server could intercept LDAP traffic and extract credentials from referral responses, even over TLS, if LDAP referrals are enabled. High complexity attack requiring specific configuration and careful timing.
Prerequisites
  • Network access to LDAP traffic between XDS and domain controller
  • LDAP configured via TLS
  • LDAP referrals enabled on domain controller
  • Attacker positioned to observe or intercept LDAP communication
Tags: remotely exploitable · no patch available · specific configuration required · high attack complexity · low CVSS (3.7)
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (2), both End of Life

Product                       | Affected Versions    | Fix Status
Interoperability Solution XDS | ≥ 2.5 and ≤ 3.11     | No fix (EOL)
Interoperability Solution XDS | ≥ 2018-1 and ≤ 2021-1 | No fix (EOL)
Remediation & Mitigation

Do now
  • HARDENING: Disable LDAP referrals on LDAP servers if LDAP via TLS is used
  • HARDENING: Configure LDAP servers to include the complete directory structure for searches instead of using referrals

Mitigations - no patch available
The following product has reached End of Life with no planned fix: Interoperability Solution XDS (both affected version ranges). Apply the following compensating controls:
  • HARDENING: Segment the network to isolate XDS and domain controller traffic from untrusted network zones
  • HARDENING: Monitor LDAP traffic for anomalous patterns or repeated referral queries
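The last mitigation asks for monitoring of LDAP traffic for repeated referral queries. The script below is an added example, not part of the OTPulse advisory or of Philips' tooling, showing one way to do that over LDAP server log lines: it parses each line, keeps every response whose LDAP result code is 10 (referral, per RFC 4511), counts referrals per client, and reports clients that hit a threshold. Because the first "do now" item is to disable referrals wherever LDAP via TLS is used, it also lists referral responses seen on TLS sessions, which in a hardened deployment should be zero. The log format, the IP addresses and the hostnames are constructed for the example and do not correspond to any real Active Directory or XDS log format.

```python
"""Added example (not the advisory's or Philips' code): spot LDAP referral
responses, especially repeated ones, in constructed LDAP server log lines."""
import re
from collections import Counter

# Constructed sample log. Format (also constructed):
#   <timestamp> <client ip> <operation> [base=<dn>] result=<code> tls=yes|no [referral=<uri>]
SAMPLE_LOG = """\
2021-06-24T10:00:01Z 10.0.5.21 bind result=0 tls=yes
2021-06-24T10:00:02Z 10.0.5.21 search base=DC=corp,DC=example result=10 tls=yes referral=ldap://dc2.corp.example/DC=corp,DC=example
2021-06-24T10:00:03Z 10.0.5.21 search base=DC=corp,DC=example result=10 tls=yes referral=ldap://dc2.corp.example/DC=corp,DC=example
2021-06-24T10:00:04Z 10.0.5.21 search base=DC=corp,DC=example result=10 tls=yes referral=ldap://dc2.corp.example/DC=corp,DC=example
2021-06-24T10:00:05Z 10.0.5.40 search base=OU=Users,DC=corp,DC=example result=0 tls=yes
2021-06-24T10:00:06Z 10.0.5.40 search base=DC=corp,DC=example result=10 tls=yes referral=ldap://dc2.corp.example/DC=corp,DC=example
"""

LDAP_RESULT_REFERRAL = 10  # LDAP resultCode "referral" (RFC 4511, section 4.1.9)

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<op>\S+)(?: base=(?P<base>\S+))? "
    r"result=(?P<code>\d+) tls=(?P<tls>yes|no)(?: referral=(?P<referral>\S+))?$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["code"] = int(rec["code"])
    rec["tls"] = rec["tls"] == "yes"
    return rec


def find_referral_events(log_text):
    """Return every parsed event in which the server answered with a referral."""
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and rec["code"] == LDAP_RESULT_REFERRAL:
            events.append(rec)
    return events


def referral_counts(log_text):
    """Count referral responses per client address."""
    return Counter(e["client"] for e in find_referral_events(log_text))


def clients_with_repeated_referrals(log_text, threshold=3):
    """Clients that received at least `threshold` referrals (sorted for stable output)."""
    return sorted(c for c, n in referral_counts(log_text).items() if n >= threshold)


def referrals_on_tls_sessions(log_text):
    """Referral responses on TLS sessions: the advisory's mitigation is to disable
    referrals when LDAP via TLS is used, so in a hardened deployment this is empty."""
    return [e for e in find_referral_events(log_text) if e["tls"]]


if __name__ == "__main__":
    for client, n in referral_counts(SAMPLE_LOG).items():
        print(f"{client}: {n} referral response(s)")
    print("repeated:", clients_with_repeated_referrals(SAMPLE_LOG))
    print("referrals on TLS sessions:", len(referrals_on_tls_sessions(SAMPLE_LOG)))
```

The threshold of three in a short window is a constructed starting point; tune it to the normal referral rate of the directory, and treat any non-zero result from `referrals_on_tls_sessions` as evidence that the "disable referrals" hardening step has not been applied on that domain controller.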
API: /api/v1/advisories/e16f7b79-2344-45d5-afe3-a9e5618c09b8