Philips IntelliBridge EC 40 and EC 80 Hub

Risk Summary

Successful exploitation of these vulnerabilities may allow an attacker unauthorized access to the IntelliBridge EC40 and80 Hub. This could allow an attacker to execute software, modify system configurations, or view/update files, including unidentifiable patient data.

CVEs (2)

Remediations

• Philips plans to make a new release to remediate these vulnerabilities by the end of Q4 2021.
• As an interim mitigation to these vulnerabilities, Philips recommends the following:
• Users with questions about their specific EC 40 and EC 80 Hub products should contact the Philips service support team or regional service support. Philips contact information is available on the Philipscustomer service solutions website, or via phone (U.S.) at 1-800-722-9377.
• The IntelliBridge EC 40 and EC 80 Hub is intended to transfer medical device data from one format to another according to preset specifications. It performs data transfer without controlling or altering the function or parameters of any connected medical devices. The EC 40 and EC 80 Hub are not intended for use in connection with active patient monitoring. If data is not received from the hub a notification is generated on the PIC iX Central Station and users are advised to refer to the source medical device.
• More information on these vulnerabilities, as well as the latest security information for Philips products, is available on the Philips product security website.

Affected Vendors

Affected Products (2)

Affected Sectors

Healthcare and Public Health