Philips IntelliVue WLAN

Risk Summary

Successful exploitation of these vulnerabilities may cause corruption of the IntelliVue WLAN firmware and impact to the data flow over the WLAN Version A and WLAN Version B wireless modules. This would lead to an inoperative condition alert at the device and Central Station.

CVEs (2)

Remediations

• WLAN Version B is obsolete. Philips recommends users update to the WLAN assembly Version C wireless module in affected IntelliVue monitors.
• WLAN Version C with current firmware of B.00.31 is not vulnerable to the described attack.
• WLAN Version A is a software patch from Philips estimated to be available in Incenter by the end of 2019.
• Wireless network access should be controlled by authentication and authorization (e.g., WPA2), which are supported by Philips.
• As an additional mitigation measure, Philips recommends implementing a firewall rule on the user 's wireless network to restrict access control via FTP. Users should implement role-based access controls to control physical access to the system. Refer to the Security for Clinical Networks Guide and the IntelliVue Network Configuration Guide for additional security recommendations.
• Please see the Philips product security website for the latest security information for Philips products:https://www.philips.com/productsecurity
• Where additional information is needed, follow this link to existing cybersecurity in medical device guidance issued by the FDA.

Affected Vendors

Affected Products (4)

Affected Sectors

Healthcare and Public Health