Philips Intellispace Cardiovascular (ISCV)

Status: Plan Patch
CVSS: 7.7
ICS-CERT: ICSMA-25-072-01
Date: Mar 13, 2025
Vendor: Philips

Attack path
Attack Vector: Local
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

CVE-2025-2229 and CVE-2025-2230 allow session replay attacks in Philips Intellispace Cardiovascular (ISCV) versions ≤4.1 and ≤5.1. An attacker with local workstation access can replay an active user session to gain unauthorized access to patient records and cardiac imaging data without authentication. These vulnerabilities are not remotely exploitable. Philips has released patches: ISCV 4.2 build 20589 (released May 2019) for CVE-2025-2229, and ISCV 5.2 (released September 2020) for CVE-2025-2230. The current latest version is ISCV 8.0.0.0.

What this means
What could happen
An attacker with local access to a workstation running ISCV could replay an active user session to gain unauthorized access to patient records and sensitive cardiac imaging data without needing to know the user's password.
Who's at risk
Healthcare facilities operating Philips Intellispace Cardiovascular systems for cardiac imaging and patient record management should prioritize patching. This includes hospital cardiology departments, cardiac imaging centers, and any facility using ISCV versions 4.1 or earlier, or 5.1 or earlier.
How it could be exploited
An attacker must have local access to a workstation where ISCV is running and a user is logged in. The attacker can then intercept or replay the session token/credentials to assume the identity of the logged-in user and access patient records and clinical data through the application.
Prerequisites
  • Local access to workstation running ISCV
  • An active user session already logged into ISCV
  • No authentication bypass needed once session is compromised
Tags: local access required; affects patient data confidentiality and integrity; high CVSS score (7.7); affects healthcare safety and compliance
Exploitability
Unlikely to be exploited — EPSS score 0.0%
Affected products (2)
2 with fix
Product | Affected Versions | Fix Status
Intellispace Cardiovascular (ISCV): <=4.1 | ≤ 4.1 | 4.2 build 20589
Intellispace Cardiovascular (ISCV): <=5.1 | ≤ 5.1 | 4.2 build 20589
Remediation & Mitigation
Do now
Intellispace Cardiovascular (ISCV): <=4.1
HARDENING: Restrict physical and network access to workstations running ISCV to authorized clinical staff only.
WORKAROUND: Implement automatic session timeout on ISCV workstations to limit the duration of active sessions.
All products
HARDENING: Require users to lock their workstations when stepping away, and enforce this through policy and monitoring.
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

Intellispace Cardiovascular (ISCV): <=4.1
HOTFIX: Upgrade ISCV to version 4.2 build 20589 or later (for versions ≤4.1) or to version 5.2 or later (for versions ≤5.1). Contact your Philips service representative to schedule the upgrade.
Long-term hardening
Intellispace Cardiovascular (ISCV): <=4.1
HARDENING: Isolate ISCV systems from the general IT network and limit network access to only required clinical and administrative users.