ICSMA-18-156-01 · Published 2018-06-05 · View on CISA ICS-CERT ↗

Philips' IntelliVue Patient and Avalon Fetal Monitors

CVSS 8.3 HIGH

Risk Summary

Successful exploitation may allow an attacker to read/write memory, and/or induce a denial of service through a system restart, thus potentially leading to a delay in diagnosis and treatment of patients.

CVEs (3)

CVE-2018-10597 CVE-2018-10599 CVE-2018-10601

Remediations

Philips will provide a remediation patch for specific supported versions, as well as an upgrade path for all versions. Philips will communicate service options to all affected install-base users.Philips recommends users obtain associated field change and service bulletin information from Philips by accessing their InCenter account at this location:
http://incenter.medical.philips.com (link is external).
Please see the Philips product security website for the latest public security information on this matter and for other Philips products:
https://www.philips.com/productsecurity (link is external).
Philips provides the following mitigations for these vulnerabilities:

Affected Vendors

Philips

Affected Products (3)

Philips · Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 F.0.G.0 | J.3

Philips · IntelliVue Patient Monitors MX (MX400-550) Rev J-M | (X3/MX100 for Rev M only)

Philips · IntelliVue Patient Monitors MP Series (includingMP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more