ICSMA-25-072-01
·
Published 2025-03-13
·
View on CISA ICS-CERT ↗
Philips Intellispace Cardiovascular (ISCV)
CVSS 7.7
HIGH
Risk Summary
Successful exploitation of these vulnerabilities could allow an attacker to replay the session of the logged in ISCV user and gain access to patient records.
CVEs (2)
Remediations
- Philips recommends the following mitigations:
- CVE-2025-2230: Resolved in ISCV 5.2, which was released in September 2020.
- Philips recommends users upgrade ISCV installed base to the latest ISCV version (at the time of this publication is 830089 – IntelliSpace Cardiovacular 8.0.0.0)
- Please contact a local Philips sales (service) representative to learn how to engage this upgrade process.
- For managed services users, new releases will be made available upon resource availability. Releases are subject to country-specific regulations.
- Refer to the Philips advisory for more details.
- CVE-2025-2229: Resolved in ISCV 4.2 build 20589, which was released in May 2019.
Affected Vendors
Philips
Affected Products (2)
Philips
·
Intellispace Cardiovascular (ISCV)
<=4.1
Philips
·
Intellispace Cardiovascular (ISCV)
<=5.1
Affected Sectors
Healthcare and Public Health
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more