Phillips IntelliVue Patient and Avalon Fetal Monitors Vulnerability Warning Released

June 9, 2018

 

An official advisory over vulnerabilities impacting specific Phillips IntelliVue Patient and Avalon Fetal monitors has been issued by the Division of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

Three vulnerabilities have been found by Phillips and conveyed to ICS-CERT: Two have been provided a high ranking and one medium.

If successfully directed and abused, a hacker might read/write memory and fit a denial of service via a system restart. Misuse of the vulnerabilities might result in a delay in the diagnosis and care of patients.

Products Affected:

  • IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M;
  • Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3
  • IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only);

Vulnerabilities:

CWE-0287 – Incorrect Verification Weakness

After getting LAN access, an unauthenticated individual might target the vulnerability to gain access to the memory (write-what-where) on a selected appliance within the same subnet.

CWE-200 – Information Revelation Weakness

Misuse of this vulnerability might allow an unauthenticated attacker to access the memory of a chosen appliance within the same subnet.

CWE-121 – Stack-Based Buffer Overload Weakness

Misuse of the vulnerability would disclose an echo service, in which an attacker-sent buffer to an attacker-chosen appliance address within the same subnet is copied to the stack with no boundary checks, therefore resulting in a stack overflow.

Alleviations:

Phillips shared the weaknesses under its Co-ordinated Weakness Exposure Plan. A counseling was proactively transmitted to let users of the affected products take action to avoid the vulnerabilities from being abused.

Phillips notices that the vulnerabilities can’t be abused distantly and need a malevolent actor to first gain LAN access to the medical appliances. Also, these vulnerabilities need a substantial level of technical know-how to target.

No public activities for the vulnerabilities have been found and there have been no reports of any abuse of the vulnerabilities in the wild.

Phillips is developing a patch to tackle all three problems on IntelliVue software Revisions J-M and Avalon software Revisions G.0 and J.3 in 2018. For non-supported types, Phillips will provide an update-path to get users updated to a supported type. Users of unsupported types must contact their Phillips sales representative for more details.

In the meantime, users of the affected products can take the below mentioned steps to minimize the possibility for misuse of the weaknesses:

  • IntelliVue Monitors – follow guidelines for use in the Security for Medical Networks Guide and update to Correction K.2 or fresher software.
  • Avalon Fetal Monitors Issue G.0 and Issue J.3 – refer to the Data Secrecy and Network Safety Needs in the fitting and service handbook.
  • Avalon Fetal Monitors Issue F.0 – Obey the guidelines as recorded in the Rev J.3 Service Guidebook Data Secrecy and Network Safety Requirements unit.
  • Apply physical safety access controls to limit access to the appliances to lawful users, as specified in the Philips Safety for Medical Systems guidebook and the IntelliVue Medical Systems Configuration Guidebook.
  • Adapt rational safety access controls to halt the appliances from transmitting outside the Phillips medical system.
  • Find all vulnerable appliances behind firewalls and segregate them from the business system.
  • Make certain the appliances are not accessible through the Internet.