Philips e-Alert

Monitor6.5ICS-CERT ICSMA-22-088-01Mar 29, 2022

Attack VectorAdjacent

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Philips e-Alert versions 2.7 and earlier are vulnerable to an unauthenticated remote shutdown attack when accessed from the healthcare facility network. Successful exploitation allows an unauthorized actor to remotely shut down the system, disrupting patient monitoring and alert functionality. Philips plans to release a patched version before July 2022. Until a patch is available, network access controls and segmentation are the primary mitigations.

What this means

What could happen

An attacker with access to the healthcare facility network could remotely shut down the e-Alert system, potentially disrupting critical patient monitoring and alert functionality.

Who's at risk

Healthcare facilities operating Philips e-Alert patient monitoring systems should prioritize this. e-Alert is commonly deployed in hospitals, emergency departments, and intensive care units to provide critical patient alerts and notifications.

How it could be exploited

An attacker on the same local network segment (adjacent network, not directly from Internet) could send unauthenticated commands to the e-Alert device to trigger a shutdown without requiring valid credentials or user interaction.

Prerequisites

Network access to e-Alert device on the same local network segment (adjacent network)
No authentication credentials required
e-Alert running version 2.7 or earlier

remotely exploitable within networkno authentication requiredlow complexityaffects patient safety systemsno patch currently available

Exploitability

Low exploit probability (EPSS 0.0%)

Affected products (1)

ProductAffected VersionsFix Status

e-Alert:≤ 2.7No fix (EOL)

Remediation & Mitigation

0/4

Do now

0/3

HARDENINGImplement network access controls: place e-Alert behind a firewall and isolate the medical device network from the general business network

HARDENINGRestrict e-Alert network access to only authorized personnel and systems; implement 802.1X or similar access controls on the network switch port

HARDENINGMonitor for and block unauthorized access attempts to e-Alert; implement network segmentation so the device is not reachable from untrusted network segments

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXUpdate to patched version when Philips releases the remediation (planned before July 2022)

CVEs (1)

CVE-2022-0922

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/71e5dd19-6af8-4f11-ae00-1e673755faf4