7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.5%
Successful exploitation of this vulnerability may allow an attacker unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could impact confidentiality and integrity of the system and application. If a user has opted to install the Document Export (DOX) function on the application server, information at risk of exposure may also include protected health information (PHI).
The following versions of IntelliSpace Perinatal, an obstetrics information management system, are affected:
A vulnerability within the IntelliSpace Perinatal application environment could enable an unauthorized attacker with physical access to a locked application screen, or an authorized remote desktop session host application user to break-out from the containment of the application and access unauthorized resources from the Windows operating system as the limited-access Windows user. Due to potential Windows vulnerabilities, it may be possible for additional attack methods to be used to escalate privileges on the operating system.
CVE-2019-13546 has been assigned to this vulnerability. A CVSS v3 base score of 6.1 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N).
Brian Landrum of Coalfire LABS reported this vulnerability to Philips.
Philips has identified the following guidance and controlling risk mitigations:
Philips will update IntelliSpace Perinatal documentation to provide clear guidance on the above mitigations. This documentation is available to users on Philips InCenter.
Philips will be further assessing options for remediation in the next minor product update, which is planned for the end of 2020.
Users with questions about their specific IntelliSpace Perinatal product should contact a Philips service support team.
The Philips advisory is available at the following URL: http://www.philips.com/productsecurity
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:
Where additional information is needed, follow this link to existing cybersecurity in medical device guidance issued by the FDA.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on us-cert.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.gov in the Technical Information Paper, ICS-TIP-12-146-01B–Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.
No known public exploits specifically target this vulnerability. This vulnerability is not exploitable remotely.
incenter.medical.philips.com/Default.aspx?alias=incenter.medical.philips.com/pmspublic
incenter.medical.philips.com/Default.aspx?alias=incenter.medical.philips.com/pmspublic
incenter.medical.philips.com/Default.aspx?alias=incenter.medical.philips.com/pmspublic
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-13546
cwe.mitre.org/data/definitions/668.html
public.govdelivery.com/accounts/USDHSCISA/subscriber/new?topic_id=USDHSCISA_138
twitter.com/CISAgov
twitter.com/intent/tweet?text=Philips%20IntelliSpace%20Perinatal+https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-297-01
www.dhs.gov
www.dhs.gov/foia
www.dhs.gov/performance-financial-reports
www.facebook.com/CISA
www.facebook.com/sharer/sharer.php?u=https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-297-01&title=Philips%20IntelliSpace%20Perinatal
www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm
www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
www.instagram.com/cisagov
www.linkedin.com/company/cybersecurity-and-infrastructure-security-agency
www.linkedin.com/sharing/share-offsite/?url=https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-297-01
www.oig.dhs.gov/
www.surveymonkey.com/r/CISA-cyber-survey?product=https://www.cisa.gov/news-events/ics-medical-advisories/icsma-19-297-01
www.us-cert.gov/ics
www.us-cert.gov/ics
www.us-cert.gov/ics/recommended-practices
www.us-cert.gov/ics/tips/ICS-TIP-12-146-01B
www.us-cert.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf
www.usa.gov/
www.usa.philips.com/healthcare/about/customer-support/product-security
www.whitehouse.gov/
www.youtube.com/@cisagov
mailto:?subject=Philips%20IntelliSpace%20Perinatal&body=www.cisa.gov/news-events/ics-medical-advisories/icsma-19-297-01
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
6.8 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.5%