Philips IntelliSpace Cardiovascular Vulnerabilities

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker with local access and users privileges to the ISCV/Xcelera server to escalate privileges on the ISCV/Xcelera server and execute arbitrary code.

CVEs (1)

Remediations

• For ISCV Version 2.x or prior and Xcelera Version 4.1 or prior, this has been mitigated in ISCV 3.1. Users should contact their local Philips service support team of their regional service support for upgrade instructions.
• For ISCV Version 3.1 or prior and Xcelera Version 4.1 or prior, this will be mitigated in ISCV Version 3.2, scheduled to be released in October 2018.
• As an interim mitigation to the vulnerabilities until ISCV Version 3.2 can be applied, Philips recommends that users:
• Users with questions regarding their specific IntelliSpace Cardiovascular installations are advised by Philips to contact their local Philips service support team or their regional service support. Philips contact information is available at the following location:
• https://www.usa.philips.com/healthcare/solutions/customer-service-solutions (link is external).
• Please see the Philips product security website for the latest security information for Philips products:
• https://www.philips.com/productsecurity (link is external).

Affected Vendors

Affected Products (2)

Affected Sectors

Healthcare and Public Health