5.4 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
8.3 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.8%
CVSS v3 8.3
Vendor: Philips
Equipment: IntelliVue Patient Monitors, Avalon Fetal/Maternal Monitors
Vulnerabilities: Improper Authentication, Information Exposure, Stack-based Buffer Overflow
Successful exploitation may allow an attacker to read/write memory, and/or induce a denial of service through a system restart, thus potentially leading to a delay in diagnosis and treatment of patients.
The following IntelliVue Patient Monitors versions are affected:
The following Avalon Fetal/Maternal Monitors versions are affected:
The vulnerability allows an unauthenticated attacker to access memory (βwrite-what-whereβ) from an attacker-chosen device address within the same subnet.
CVE-2018-10597 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
The vulnerability allows an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet.
CVE-2018-10599 has been assigned to this vulnerability. A CVSS v3 base score of 6.4 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L).
The vulnerability exposes an βechoβ service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the stack with no boundary checks, hence resulting in stack overflow.
CVE-2018-10601 has been assigned to this vulnerability. A CVSS v3 base score of 8.2 has been calculated; the CVSS vector string is (AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H).
Oran Avraham of Medigate, in coordination with Philips, reported these vulnerabilities to NCCIC.
Philips will provide a remediation patch for specific supported versions, as well as an upgrade path for all versions. Philips will communicate service options to all affected install-base users.
Philips recommends users obtain associated field change and service bulletin information from Philips by accessing their InCenter account at this location:
<http://incenter.medical.philips.com> (link is external).
Please see the Philips product security website for the latest public security information on this matter and for other Philips products:
<https://www.philips.com/productsecurity> (link is external).
Philips provides the following mitigations for these vulnerabilities:
NCCIC recommends that users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01BβTargeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
No known public exploits specifically target these vulnerabilities. These vulnerabilities are exploitable from within the same local device subnet. High skill level is needed to exploit.
incenter.medical.philips.com
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10597
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10599
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10601
cwe.mitre.org/data/definitions/121.html
cwe.mitre.org/data/definitions/200.html
cwe.mitre.org/data/definitions/287.html
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Philips%27%20IntelliVue%20Patient%20and%20Avalon%20Fetal%20Monitors+https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-156-01
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-156-01&title=Philips%27%20IntelliVue%20Patient%20and%20Avalon%20Fetal%20Monitors
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-156-01
www.oig.dhs.gov/
www.philips.com/productsecurity
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-medical-advisories/icsma-18-156-01
www.usa.gov/
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Philips%27%20IntelliVue%20Patient%20and%20Avalon%20Fetal%20Monitors&body=www.cisa.gov/news-events/ics-medical-advisories/icsma-18-156-01
5.4 Medium
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:M/Au:N/C:P/I:P/A:P
8.3 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
41.8%