The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has released an advisory on vulnerabilities affecting certain Philips IntelliVue patient monitors and Avalon fetal monitors.
Three vulnerabilities were discovered by Philips and reported to ICS-CERT: two are rated high severity and one medium.
If successfully exploited, an attacker could read and write device memory and cause a denial of service by forcing a system restart. Exploitation of the vulnerabilities could delay the diagnosis and treatment of patients.
Products Impacted:
- IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M;
- Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3
- IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only);
Weaknesses:
CWE-287 – Improper Authentication
An unauthenticated attacker with access to the LAN could exploit this weakness to write to the memory (a write-what-where condition) of a chosen device within the same subnet.
CWE-200 – Information Exposure
Exploiting this weakness could allow an unauthenticated attacker on the same subnet to read the memory of a chosen device.
CWE-121 – Stack-Based Buffer Overflow
The affected devices expose an echo service: a buffer sent by an attacker to an attacker-chosen device address within the same subnet is copied onto the stack with no bounds check, resulting in a stack-based buffer overflow.
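To make the CWE-121 pattern concrete, the following added example (written for this page, not Philips code and not the device's actual protocol) shows a generic echo-request handler in a deliberately vulnerable form beside a hardened form. The frame layout (a 2-byte big-endian length header followed by the payload), the buffer size `ECHO_MAX_PAYLOAD` and all function names are assumptions made for the illustration. The hardened version rejects a request whose claimed length exceeds the stack buffer, exceeds the bytes actually received, or exceeds the caller's reply buffer, before any copy happens.

```c
/* Added illustration, not Philips code: a generic echo-request handler of the
 * kind the advisory describes, in a deliberately vulnerable form and a hardened
 * form. The frame layout (2-byte big-endian length, then payload) and all
 * names here are assumptions made for this example, not the device protocol. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ECHO_MAX_PAYLOAD 64            /* assumed size of the on-stack buffer */

/* Read the client's claimed payload length from the 2-byte header. */
static int parse_header(const uint8_t *pkt, size_t pkt_len, uint16_t *claimed)
{
    if (pkt == NULL || pkt_len < 2) return -1;
    *claimed = (uint16_t)(((uint16_t)pkt[0] << 8) | pkt[1]);
    return 0;
}

/* CWE-121 pattern: the copy length is taken from the attacker's header and is
 * never compared to the stack buffer, so a claimed length above
 * ECHO_MAX_PAYLOAD overwrites whatever follows the buffer on the stack
 * (saved registers, return address). Kept only for contrast; nothing below
 * calls it with an oversize frame. */
int echo_vulnerable(const uint8_t *pkt, size_t pkt_len, uint8_t *reply, size_t reply_len)
{
    uint8_t buf[ECHO_MAX_PAYLOAD];
    uint16_t claimed;

    if (parse_header(pkt, pkt_len, &claimed) != 0) return -1;
    memcpy(buf, pkt + 2, claimed);              /* no bounds check */
    if (claimed > reply_len) return -1;         /* too late: stack already smashed */
    memcpy(reply, buf, claimed);
    return (int)claimed;
}

/* Hardened: the claimed length must fit the stack buffer, must not exceed the
 * bytes actually received, and must fit the caller's reply buffer. */
int echo_hardened(const uint8_t *pkt, size_t pkt_len, uint8_t *reply, size_t reply_len)
{
    uint8_t buf[ECHO_MAX_PAYLOAD];
    uint16_t claimed;

    if (parse_header(pkt, pkt_len, &claimed) != 0) return -1;
    if (claimed > ECHO_MAX_PAYLOAD) return -2;  /* oversize request: refuse, copy nothing */
    if (claimed > pkt_len - 2) return -3;       /* header claims more than was received */
    if (claimed > reply_len) return -4;         /* would not fit the reply buffer */
    memcpy(buf, pkt + 2, claimed);
    memcpy(reply, buf, claimed);
    return (int)claimed;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t FRAME_GOOD[]      = { 0x00, 0x05, 'h', 'e', 'l', 'l', 'o' };
/* Claims 0x0400 bytes but carries only three: the shape of a malicious request. */
static const uint8_t FRAME_OVERSIZE[]  = { 0x04, 0x00, 'A', 'A', 'A' };
/* Claims 10 bytes but only 3 follow: a truncated or malformed request. */
static const uint8_t FRAME_TRUNCATED[] = { 0x00, 0x0A, 'x', 'y', 'z' };

/* Result helpers so each outcome can be checked without ever running the
 * vulnerable path on bad input. */
int demo_hardened_good(void)
{
    uint8_t reply[ECHO_MAX_PAYLOAD];
    int n = echo_hardened(FRAME_GOOD, sizeof FRAME_GOOD, reply, sizeof reply);
    return (n == 5 && memcmp(reply, "hello", 5) == 0) ? n : -100;
}
int demo_hardened_oversize(void)
{
    uint8_t reply[ECHO_MAX_PAYLOAD];
    return echo_hardened(FRAME_OVERSIZE, sizeof FRAME_OVERSIZE, reply, sizeof reply);
}
int demo_hardened_truncated(void)
{
    uint8_t reply[ECHO_MAX_PAYLOAD];
    return echo_hardened(FRAME_TRUNCATED, sizeof FRAME_TRUNCATED, reply, sizeof reply);
}
int demo_vulnerable_good(void)
{
    uint8_t reply[ECHO_MAX_PAYLOAD];
    return echo_vulnerable(FRAME_GOOD, sizeof FRAME_GOOD, reply, sizeof reply);
}

int main(void)
{
    printf("hardened/good:      %d\n", demo_hardened_good());      /* 5 */
    printf("hardened/oversize:  %d\n", demo_hardened_oversize());  /* -2 */
    printf("hardened/truncated: %d\n", demo_hardened_truncated()); /* -3 */
    printf("vulnerable/good:    %d\n", demo_vulnerable_good());    /* 5 */
    return 0;
}
```

The point of the two checks against the claimed length is that a length field supplied by the peer is attacker-controlled data: it must be validated against the size of the destination buffer and against the number of bytes actually on the wire, and the request refused before any copy takes place. In the vulnerable form the only size check comes after the `memcpy`, which is exactly the ordering the advisory's description implies.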
Mitigations:
Philips reported the vulnerabilities under its Coordinated Vulnerability Disclosure Policy and proactively issued an advisory so that users of the affected products can take steps to prevent the vulnerabilities from being exploited.
Philips notes that the vulnerabilities cannot be exploited remotely: an attacker must first gain access to the LAN on which the medical devices sit. Exploiting them also requires a considerable degree of technical expertise.
No public exploits for the vulnerabilities have been identified, and there have been no reports of exploitation in the wild.
Philips is developing a patch to address all three issues on IntelliVue software Revisions J-M and Avalon software Revisions G.0 and J.3, planned for 2018. For unsupported versions, Philips will provide an upgrade path to a supported version; users of unsupported versions should contact their Philips sales representative for details.
In the meantime, users of the affected products can take the following measures to reduce the risk of exploitation:
- IntelliVue Monitors – adhere to instructions for use in the Security for Clinical Networks Guide and update to Revision K.2 or newer software.
- Avalon Fetal Monitors Release G.0 and Release J.3 – refer to the Data Privacy and Network Security Requirements in the installation and service manual.
- Avalon Fetal Monitors Release F.0 – follow the instructions in the Data Privacy and Network Security Requirements section of the Rev J.3 Service Guide.
- Implement physical security access controls to restrict access to the devices to authorized users, as detailed in the Philips Security for Clinical Networks guide and the IntelliVue Clinical Networks Configuration Guide.
- Implement logical security access controls to prevent the devices from communicating outside the Philips clinical network.
- Place all vulnerable devices behind firewalls and isolate them from the business network.
- Make sure the devices are not accessible via the Internet.