Philips IntelliBridge EC 40 and EC 80 Hub

Plan Patch8.1ICS-CERT ICSMA-21-322-01Nov 18, 2021

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

The Philips IntelliBridge EC 40 and EC 80 Hub contain authentication and credential management vulnerabilities (CWE-798, CWE-288) that allow an attacker with network access to gain unauthorized access without valid credentials. Exploitation could allow an attacker to execute arbitrary commands, modify system configurations, and read or alter patient data stored on the hub. The hub is used to transfer medical device data between systems according to preset specifications and is not involved in active patient monitoring. Philips has not yet released patches; the vendor states a new firmware release is planned by the end of Q4 2021.

What this means

What could happen

An attacker with network access to the hub could execute commands, modify system configurations, and access or alter patient data stored on the device. This could compromise the integrity of medical device data transfers and potentially expose sensitive patient information.

Who's at risk

Healthcare facilities operating Philips IntelliBridge EC 40 and EC 80 data hubs used to transfer medical device data. This affects clinical engineering teams, hospital IT departments managing medical device networks, and any facility relying on these hubs for real-time or batch medical device data integration.

How it could be exploited

An attacker on the same network segment as the IntelliBridge hub could exploit hard-coded or default credentials (CWE-798) or weak authentication mechanisms (CWE-288) to gain unauthorized access. Once authenticated, the attacker could run commands or modify files on the hub without needing to provide additional credentials or user interaction.

Prerequisites

Network access to the IntelliBridge EC 40 or EC 80 Hub
No valid user credentials required
Device must be reachable from attacker's network segment

No patch currently availableHard-coded or default credentials (CWE-798)Weak authentication (CWE-288)Remotely exploitable over networkAccess to sensitive patient dataLow network complexity

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (2)

2 EOL

ProductAffected VersionsFix Status

IntelliBridge EC 40 Hub: C.00.04 and prior≤ C.00.04No fix (EOL)

IntelliBridge EC 80 Hub: C.00.04 and prior≤ C.00.04No fix (EOL)

Remediation & Mitigation

0/5

Do now

0/2

HOTFIXContact Philips service support to discuss patch availability and deployment timeline for your specific hub models

HARDENINGImplement network segmentation to restrict access to the IntelliBridge hub to only authorized medical device systems and clinical engineering networks

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

WORKAROUNDMonitor network traffic to and from the hub for suspicious connections or data access patterns

HARDENINGReview and document all users and systems with access to the hub; implement access controls to limit connections to known, necessary devices only

HOTFIXOnce Philips releases the patched firmware (expected Q4 2021), plan and schedule a maintenance window to update the hub

CVEs (2)

CVE-2021-32993 CVE-2021-33017

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/0ac2c1b8-0a8a-451f-b713-df7f244230a7