Please find our Security Advisories here

Security Advisory Archives (2018)

Philips HealthSuite Health Android App (6-December-2018)

Publication Date: December 5, 2018

Update Date: December 5, 2018

Philips is a committed leader in medical device cybersecurity. As part of our global Product Security Policy, the company conducts extensive ongoing analysis of our products, often in collaboration with customers and researchers, to identify and address potential vulnerabilities.

In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible system security vulnerabilities, the company is proactively issuing an advisory concerning an identified inadequate encryption strength vulnerability affecting the Philips HealthSuite Health Android application.

Unless addressed, this issue may allow an attacker with physical access to potentially impact confidentiality and integrity of the product.

At this time, Philips has received no reports of exploitation of this vulnerability or incidents from clinical use that we have been able to associate with this vulnerability, Philips analysis indicates that there is no expectation of patient hazard due to this issue.

This vulnerability will be addressed by a new software release scheduled for Q1 2019.

Philips advises users against jail-breaking or rooting their mobile device. A jail broken or rooted device means one that is modified outside the mobile device or operating system vendor supported or warranted configurations. Such devices have been freed from the limitations imposed on it by mobile service providers and the phone manufacturers without their approval. This may affect the performance of the App, weaken the security of devices and expose users to additional risks.

Philips has reported this potential vulnerability and its resolution to customers and the appropriate government agencies, including US DHS ICS-CERT, which is issuing an advisory.

Users with questions regarding their specific Philips HealthSuite Health Android app are advised by Philips to contact their Customer Success Manager (CSM), local Philips service support team, or regional service support. Philips contact information is available at the following location:

https://www.usa.philips.com/healthcare/solutions/customer-service-solutions

Philips iSite and IntelliSpace PACS Vulnerabilities (8-November-2018)

Publication Date: November 8, 2018

Update Date: November 8, 2018

Philips is a committed leader in medical device cybersecurity. Governed by our global Product Security Policy, the company conducts extensive ongoing analysis of our products, often in collaboration with customers and researchers, to identify and address potential vulnerabilities.

As part of Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of potential system security vulnerabilities, Philips is proactively issuing an advisory concerning potential vulnerabilities that may affect Philips iSite and IntelliSpace PACS (Picture Archiving and Communications Systems).

Philips has confirmed that Philips iSite and IntelliSpace PACS contain security vulnerabilities that under certain specific conditions could impact or potentially compromise patient confidentiality, system integrity, and/or system availability. These vulnerabilities are not exploitable over the Internet.

As an interim mitigation for this potential issue, Philips recommends that users:

• Ensure only customer-authorized personnel can connect to the customer controlled network environment.

• Review Instructions for Use guidelines available with the application interface and follow the security best practices.

Philips can work with customers to provide assistance with resetting system passwords, or customers may request a Compute Environment (CE) release to address this issue.

At this time, Philips has received no reports of patient harm. Philips analysis has shown that it is unlikely that this vulnerability would impact clinical use, due to mitigating controls currently in place. To date, Philips has received no complaints involving clinical use that we have been able to associate with this problem.

Philips IntelliSpace PACS runs in a managed service environment which adheres to ICS-CERT recommendations to minimize the risk of exploitation (Virtual Private Network, Firewall isolation from other networks, no internet access). In addition, Philips employs an automated Antivirus solution that continuously monitors and remediates threats across all systems in the managed service environment. Philips has a monthly recurring patch program which all IntelliSpace PACS users are encouraged to participate. Customers who participate in this program receive all Philips approved operating system and application patches in a timely fashion.

Philips will continue to add cybersecurity vulnerability remediation improvements through our Secure Development Lifecycle (SDL) as threats continue.

Philips has reported these potential vulnerabilities and its resolution to customers and the appropriate government agencies, including US DHS ICS-CERT, which is issuing an advisory.

Users with questions regarding their specific IntelliSpace PACS solutions are advised by Philips to contact their Customer Success Manager (CSM), Market Success Leader (MSL), local Philips service support team, or regional service support. Philips contact information is available at the following location: Customer Service Solutions

Philips EncoreAnywhere APAC Vulnerabilities (8-October-2018)

Publication Date: May 17, 2018

Update Date: October 8, 2018

As part of Philips’ Responsible Disclosure Policy for the awareness and remediation of identified product security vulnerabilities, the company is proactively issuing an advisory concerning a potential, low-risk security vulnerability that may affect the EncoreAnywhere hosted web application deployed for use with certain Philips Respironics products and limited to the Asia/Pacific region. This potential issue only affects EncoreAnywhere APAC 2.36.3.3 and earlier software versions.

Philips has confirmed that the potential security vulnerability, if successfully exploited, may result in unencrypted communication and improper disclosure of sensitive data. This vulnerability could be exploited remotely by an unauthorized user. However, an attacker would require a high level of skill in order to successfully exploit this vulnerability. Vulnerability remediation is planned by September 2018 and was completed at that time.

At this time, Philips has received no reports of exploitation of this vulnerability or incidents from clinical use that have been associated with the vulnerability.

Philips has reported this potential vulnerability and its resolution to customers and the appropriate government agencies, including ICS-CERT, which is issuing an advisory.

Philips recognizes that the security of our healthcare, personal health, and home consumer products and services are business critical for our customers. Philips has taken the lead in creating a Responsible Disclosure Policy, to collaborate with customers, security researchers, regulators and other agencies to help proactively identify, address and disclose potential vulnerabilities in a safe and effective manner.

Customers with questions regarding their specific Philips installations are advised by Philips to contact their local Philips service support team or their regional service support.
Philips contact information is available at the following location:

https://www.usa.philips.com/healthcare/solutions/customer-service-solutions

Philips eAlert Unit Vulnerabilities (30-AUG-2018)

Publication Date: August 30, 2018

Update Date: August 30, 2018

In accordance with Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of possible system security vulnerabilities, the company is proactively issuing an advisory concerning potential unencrypted communication vulnerabilities in versions of Philips e-Alert service units up to and including R2.1.

If successfully exploited, this potential vulnerability may allow an attacker within the same subnet to impact or compromise customer contact details, system integrity, and/or system availability. The vulnerabilities may allow attackers of low skill to provide unexpected input into the application, execute arbitrary code, display system information, or potentially cause a system crash. Philips e-Alert is not a medical device, therefore there is no risk to patient safety.

In June 2018, Philips released a new software version to mitigate this potential issue. This update addressed the vulnerability and enhanced the security capabilities of the e-Alert unit.

Philips has reached out to affected users to schedule updates. Philips encourages users to use Philips-validated and authorized changes only for the e-Alert unit supported by Philips ’authorized personnel or under Philips’ explicit published directions for patches, updates, or releases. Philips always requires that the device never be Internet-facing.

Philips has reported these potential vulnerabilities and its resolution to customers and the appropriate government agencies, including US DHS ICS-CERT, which is issuing an advisory.

Users with questions regarding their specific E-Alert solutions are advised by Philips to contact their local Philips service support team or regional service support. Philips contact information is available at the following location:

https://www.usa.philips.com/healthcare/solutions/customer-service-solutions

Intel L1 Terminal Fault (L1TF) (16-August-2018)

Publication Date: August 16, 2018

Update Date: August 16, 2018

Philips is currently monitoring updates related to the recent advisory by Intel regarding three recently discovered CPU-related vulnerabilities, currently designated “L1 Terminal Fault” or L1TF. Intel has disclosed that the L1 Terminal Fault vulnerabilities affect the company’s processors manufactured from 2009 to 2018. The three L1 terminal fault vulnerabilities are designated as high risk, and if exploited may lead to unauthorized disclosure of information within an L1 data cache.

Intel further reports it has developed firmware and software updates to minimize potential exploitation of these issues. (See Intel Advisory: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html)

As part of Philips’ product security policy and protocols, the company’s global product security team is actively evaluating potential impacts on Philips solutions. At this time, Philips has not received reports of these vulnerabilities affecting clinical use of company products.

Philips advises customers with product concerns relating to these vulnerabilities should send an email to productsecurity@philips.com. Further information regarding Philips’ recommendations regarding this event may be found at the Philips product security web site: https://www.philips.com/productsecurity

Customers with questions regarding their specific products are advised to contact their local Philips service support team or their regional service support. Philips contact information is available at the following web page:

https://www.usa.philips.com/healthcare/solutions/customer-service-solutions

Philips IntelliVue Information Center (PiiC iX) B.02 (21-August-2018)

Publication Date: August 21, 2018

Update Date: August 21, 2018

As part of Philips’ Coordinated Vulnerability Disclosure Policy and aligned with U.S. FDA Post-Market Guidance requirements for the awareness and remediation of potential system security vulnerabilities, the company proactively issued an advisory concerning potential security vulnerabilities that may affect Philips IntelliVue Information Center (PiiC iX) B.02 system.

Philips has confirmed that for the B.02 version of the system, Simple TCP Services is enabled, which if successfully exploited, may potentially result in a Denial of Service where the Operating System will become unresponsive during a network attack, which will affect the application’s ability to meet the intended use.

This vulnerability is exploitable remotely. However, a high skill level by an attacker is required for successful exploitation. At this time, Philips has received no reports of exploitation of this vulnerability that impacts clinical use that we have been able to associate with this problem.

Philips has identified and put in place mitigations to reduce the risk of exploitation of this vulnerability. In order for users of affected devices to mitigate exposure to these vulnerabilities, Philips recommends following the device’s labeling, including Instructions for Use and Service Guide(s), which provide compensating controls to mitigate these vulnerabilities.

To mitigate these vulnerabilities; Philips recommends users follow the labeling for the medical device (Security for Clinical Networks Guide) which provides physical and logical security instructions. Philips will be providing the remediation in the form of a patch in Q3 2018 for all PIIC iX B.02 customers.

Philips has reported this potential vulnerability and its resolution to customers and the appropriate government agencies, including ICS-CERT, which is issuing an advisory.

Customers with questions regarding their specific Philips IntelliVue Information Center (PiiC iX) installations are advised by Philips to contact their local Philips service support team or their regional service support. Philips contact information is available at the following location:

https://www.usa.philips.com/healthcare/solutions/customer-service-solutions

Please see the Philips product security web site for the latest security information for Philips products:

https://www.philips.com/productsecurity

Philips PageWriter TC Series (16-August-2018)

Publication Date: August 16, 2018

Update Date: June 8, 2020

As part of Philips’ Coordinated Vulnerability Disclosure Policy and aligned with U.S. FDA Post-Market Guidance requirements for the awareness and remediation of potential system security vulnerabilities, the company proactively issued an advisory concerning potential security vulnerabilities that may affect Philips PageWriter TC10, TC20, TC30, TC50, TC70 Cardiograph systems.

The identified potential vulnerabilities include:

· a hardcoded superuser password

· lack of user-input “sanitization”

Philips has determined that a user with both physical access to a Philips PageWriter system as well as a superuser password for the device, could access and modify settings on the device as well as reset existing passwords. The user-input sanitization issue could lead to buffer overflow or format string vulnerabilities. A high degree of skill is required to successfully exploit these issues. Exploits that could target some of the vulnerabilities are known to be publicly available.

At this time, Philips has received no reports of patient harm. It is unlikely that these security issues would impact clinical use due to common use and mitigations currently in place. To date, Philips has received no complaints involving clinical use that we have been able to associate with these identified issues.

Philips analysis has shown that it is unlikely that these issues would impact clinical use, due to mitigating controls currently in place. Additionally, the PageWriter TC cardiograph system is not a life support or treatment device. The ECG record taken by PageWriter TC cardiographs must be confirmed by qualified physicians before being used for diagnostic purposes.

To address the identified vulnerabilities, Philips is issuing a release in Q4 2020 that will address the password and input issues. That release will be offered on both Microsoft Windows CE7 and Windows CE5 operating systems in order to support the installed base. Philips has reported these potential vulnerabilities and anticipated resolution to customers and the appropriate government agencies, including the U.S. Department of Homeland Security’s ICS-CERT, which has issued an advisory.

Users with questions regarding their specific PageWriter TC solutions are advised by Philips to contact their local Philips service support team, or regional service support. Philips contact information is available at the following location:

https://www.usa.philips.com/healthcare/solutions/customer-service-solutions

https://www.usa.philips.com/healthcare/about/contact

Please see the Philips product security web site for the latest security information for Philips products:

https://www.philips.com/productsecurity

Philips Healthcare and Windows XP End of Support

Publication Date: August 14, 2018

Update Date: August 14, 2018

As part of Philips’ Coordinated Vulnerability Disclosure Policy and aligned with U.S. FDA Post-Market Guidance requirements for the awareness and remediation of potential system security vulnerabilities, the company will issue an advisory in cooperation with U.S. DHS/ICS-CERT concerning possible issues with the Philips IntelliSpace Cardiovascular (ISCV) and Xcelera.

Philips has confirmed the findings of a customer submitted complaint of vulnerabilities affecting the Philips IntelliSpace Cardiovascular system version 2.3.1. Philips analysis also confirmed that 3.1 and earlier of the Philips IntelliSpace Cardiovascular system and version 4.x and 3.x of Xcelera are affected as well:

In ISCV version 2.x and earlier and Xcelera 4.x and 3.x the servers contain 20 Windows services of which the executables are being present in a folder where authenticated users have write permissions. The services run as a local admin account or local system account, and if a user were to replace one of the executables with a different program, that program too would be executed with local admin or local system permissions.

In ISCV version 3.x and earlier and Xcelera 4.x and 3.x there are 16 Windows services that do not have quotes in the path name. These services are running with local admin rights, and are initiated with a registry key. This path may permit a user to place an executable that provides local admin rights.

Vulnerability:
If a user were to replace one of the executables with a different program, that program too would be executed with local admin or local system permissions.

Impact / Risk:
The issue occurs only if an authenticated user (without admin privileges) is able to access the ISCV/Xcelera servers locally. By default, this is disabled, since only administrators have the ability access to the ISCV/Xcelera servers locally.

Mitigation / Workaround:
Both vulnerabilities can be mitigated by changing Windows settings. Instructions on how to change these settings are provided in attached Service Bulletin: ISCV and Xcelera Windows services vulnerabilities. This Service Bulletin is also available on InCenter.

Remediation (Fix):
Philips will fix this issue in the next software update: IntelliSpace Cardiovascular 3.2.0, to be released in October 2018. This version will be announced and become available to customers via the regular communication and distribution channels.

At this time, Philips has received no reports of exploitation of these vulnerabilities or incidents from clinical use that we have been able to associate with this problem, and no public exploits are known to exist that specifically target these vulnerabilities.

Philips recognizes that the security of our healthcare, personal health, and home consumer products and services are business critical for our customers. Philips has taken the lead in creating a Coordinated Vulnerability Disclosure policy, to collaborate with customers, security researchers, regulators and other agencies to help proactively identify, address and disclose potential vulnerabilities in a safe and effective manner.

Customers with questions regarding their specific Philips IntelliSpace Cardiovascular (ISCV) and Xcelera installations are advised to contact their local Philips service support team or their regional service support.

Philips IntelliVue Patient and Avalon Fetal Monitors (5-June-2018)

Publication Date: June 5, 2018

Update Date: June 5, 2018

As part of Philips’ Coordinated Vulnerability Disclosure Policy for the awareness and remediation of potential system security vulnerabilities, the company is proactively issuing an advisory concerning potential security vulnerabilities that may affect the Philips IntelliVue Patient and Avalon Fetal Monitors.

Philips has confirmed three potential security vulnerabilities. The first if successfully exploited may allow an unauthenticated attacker to access and write to memory (“write-what-where”) from an attacker-chosen device address within the same subnet. The second vulnerability if successfully exploited may allow an unauthenticated attacker to read memory from an attacker-chosen device address within the same subnet. The third vulnerability if successfully exploited exposes an “echo” service, in which an attacker-sent buffer to an attacker-chosen device address within the same subnet is copied to the memory stack with no boundary checks, hence potentially resulting in a stack overflow. If exploited, these vulnerabilities may allow an attacker to read/write memory, and/or induce a denial of service through a system restart, thus potentially leading to a delay in diagnosis and treatment of patients.

These vulnerabilities are not exploitable remotely and cannot be exploited without an attacker first attaining local area network (LAN) access to the medical device. Exploiting these vulnerabilities also requires significant technical knowledge and skill in addition to local area network (LAN) access.

At this time, Philips has received no reports of exploitation of these vulnerabilities or incidents from clinical use that we have been able to associate with this problem, and no public exploits are know to exist that specifically target these vulnerabilities.

In order for customers of affected devices to mitigate exposure to these vulnerabilities, Philips recommends following the device’s labeling, including Instructions for Use and Service Guide(s), which provide compensating controls to mitigate these vulnerabilities. Philips is working to issue a software update for the Philips IntelliVue Patient and Avalon Fetal Monitors to address these vulnerabilities. For IntelliVue Patient Monitor, the anticipated patch release date is projected to be Q2 2018 for the current release, and Q3 for older software revisions J through L. For Avalon Fetal Monitor, the anticipated patch release date is projected to be Q3 2018 for Revisions G.0 and J.3. The timing and release of the patches are contingent on verification and validation of the patches and any potentially required regulatory approval.

Philips, in collaboration with security researchers from Medigate, has reported these potential vulnerabilities and their resolution to customers and the appropriate government agencies, including U.S. DHS/ICS-CERT, which is issuing an advisory.

Philips recognizes that the security of our healthcare, personal health, and home consumer products and services are business critical for our customers. Philips has taken the lead in creating a Coordinated Vulnerability Disclosure policy, to collaborate with customers, security researchers, regulators and other agencies to help proactively identify, address and disclose potential vulnerabilities in a safe and effective manner.

Customers with questions regarding their specific Philips IntelliVue Patient or Avalon Fetal Monitor installations are advised by Philips to contact their local Philips service support team or their regional service support.

Orangeworm and Kwampirs Issue (24-APR-2018)

Publication Date: April 24, 2018

Update Date: April 24, 2018

Overview

A known cyber-attacker group known as Orangeworm is reportedly targeting US, Europe and Asia healthcare organizations with malware known as Kwampirs. The group was identified in 2015 when it was reported to have conducted targeted attacks against organizations in related industries, such as healthcare providers, pharmaceutical, IT solutions providers for healthcare and equipment manufacturers. At the time of this advisory, 40 percent of Orangeworm's confirmed target organizations operate within the healthcare sector and 17 percent of the healthcare organizations were located in the US.

Technical details

Once Orangeworm has infiltrated a victim's network, they deploy Trojan.Kwampirs, a backdoor malware program that provides attackers with remote access to a compromised computer. When executed, Kwampirs decrypts and extracts a copy of its main DLL payload from its resource section. Before writing the payload to disk, it inserts a randomly generated string into the middle to the decrypted payload in an attempt to evade hash-based detections. To ensure persistence, Kwampirs creates a service with the following configuration to ensure that the main payload is loaded into memory upon system reboot:

The backdoor also collects some rudimentary information about the compromised computer including some basic network adapter information, system version information, and language settings. The Kwampirs backdoor Trojan then attempts to aggressively copy itself across open network shares to infect other computers.

What you can do

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips products are implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions. If a product does require updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation is produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

Industry best practice for network security and defense (Please ensure these are in accordance with your product documentation):

Employ regular updates to applications and the host operating system to ensure protection against known vulnerabilities.
Implement a least-privileges policy on the Web server to:

o Reduce adversaries’ ability to escalate privileges or pivot laterally to other hosts.

o Control creation and execution of files in particular directories.

If not already present, consider deploying a demilitarized zone (DMZ) between the Web-facing systems and corporate network. Limiting the interaction and logging traffic between the two provides a method to identify possible malicious activity.
Ensure a secure configuration of Web servers. All unnecessary services and ports should be disabled or blocked. All necessary services and ports should be restricted where feasible. This can include whitelisting or blocking external access to administration panels and not using default login credentials.
Utilize a reverse proxy or alternative service to restrict accessible URL paths to known legitimate ones.
Establish, and backup offline, a “known good” version of the relevant server and a regular change-management policy to enable monitoring for alterations to servable content with a file integrity system.
Employ user input validation to restrict local and remote file inclusion vulnerabilities.
Conduct regular system and application vulnerability scans to establish areas of risk. While this method does not protect against zero day attacks, it will highlight possible areas of concern

Customers entitled by service-contract to use Philips InCenter are encouraged to request and attain InCenter access and reference product-specific information posted on Philips InCenter. All customers with and without service contracts are encouraged to contact their local service support team or regional product service support as needed for current information specific to their products or Philips deployed installations as information becomes available.

Customer Service Solutions

Philips CT Imaging System Vulnerabilities (1-MAY-2018)

Publication Date: May 1, 2018

Update Date: October 10, 2019

• Brilliance 64 version 2.6.2 and below

• Brilliance iCT versions 4.1.6 and below

• Brillance iCT SP versions 3.2.4 and below

• Brilliance CT Big Bore 2.3.5 and below

• MX8000 Dual EXP Systems (CWE-798 only)

Philips has confirmed that the potential security vulnerability, if successfully exploited, may allow an attacker to gain unauthorized access to elevated privileges and/or restricted system resources and information. This vulnerability is not exploitable remotely and cannot be exploited without user interaction, and an attacker would need local access to the kiosk environment of the medical device to be able to implement the exploit.

At this time, Philips has received no reports of exploitation of this vulnerability or incidents from clinical use that have been associated with the vulnerability.

Philips has identified the following guidance and mitigations:

• Users should operate all Philips deployed and supported CT products within Philips authorized specifications, including Philips approved software, software configuration, system services, and security configuration such as firewall operations.

• Philips also recommends customers implement a comprehensive, multi-layered strategy to protect their systems from internal and external security threats, including restricting physical access of the scanner to only authorized personnel, thus reducing the risk of physical access being compromised by an unauthorized user.

• Philips has also remediated hard-coded credential vulnerabilities for all Brilliance iCT 4.x and above versions. The Philips iCT-iPatient (v4.x) family Instructions for Use (IFU) refers to the ability to manage credentials and is accessible from Philips In.Center at https://incenter.medical.philips.com for entitled users.

• Since the MX8000 Dual EXP has been out of support since 2017, Philips recommends a replacement based on customer need.

Philips has reported this potential vulnerability and mitigations to customers and the appropriate government agencies, including ICS-CERT, which is issuing an advisory update.

Customers with questions regarding their specific Philips CT installations are advised by Philips to contact their local Philips service support team or their regional service support. Philips contact information is available at the following location: https://www.usa.philips.com/healthcare/solutions/customer-service-solutions

Philips iSite and IntelliSpace PACS Vulnerabilities (28-MAR-2018)

Publication Date: March 28, 2018

Update Date: March 28, 2018

As part of Philips’ Responsible Disclosure Policy for the awareness and remediation of potential system security vulnerabilities, Philips is proactively issuing an advisory concerning potential vulnerabilities that may affect Philips iSite and IntelliSpace PACS (Picture Archiving and Communications Systems).

Philips has confirmed that Philips iSite and IntelliSpace PACS contain security vulnerabilities that under certain specific conditions could impact or potentially compromise patient confidentiality, system integrity, and/or system availability. To remediate the risk of these identified vulnerabilities, Philips is offering customers a number of potential options to select, based on their requirements.

Philips’ analysis has shown that these issues, if fully exploited may allow attackers of low skill to provide unexpected input into the application, execute arbitrary code, alter the intended control flow of the system, access sensitive information, or potentially cause a system crash. Philips has identified that some of the affected vulnerabilities could be attacked remotely. Exploits that could target some of the vulnerabilities are known to be publicly available.

In addition, in 2016 Philips announced software updates and has controlling mitigations on the affected PACS systems to further limit the risk and exploitability of these vulnerabilities. The Philips iSite 3.6 platform is currently at its end of life (EoL) and end of service (EoS).

Philips recommends three paths that customers may select depending on their particular situation, which are offered by Philips at no charge for full service delivery model contracts:

The simplest and most straightforward option is to enroll in Philips recurring patching program, this will remediate 86% of all known vulnerabilities.
A more robust option is to enroll in Philips recurring patching program and updating system firmware. This option will remediate 87% of all known vulnerabilities including all known critical vulnerabilities.
The most robust option by Philips is to enroll in the recurring patching program and update system firmware and upgrade to IntelliSpace PACS 4.4.55x with Windows operating system 2012, which addresses product hardening. This option remediates 99.9% of all the known vulnerabilities including all critical vulnerabilities.

Philips will continue to add cybersecurity vulnerability remediation improvements through our Secure Development Lifecycle (SDL) as threats continue.

Philips has reported these potential vulnerabilities and its resolution to customers and the appropriate government agencies, including US DHS ICS-CERT, which is issuing an advisory.

Customer Service Solutions

Philips Alice 6 System Vulnerabilities (26-MAR-2018)

Publication Date: March 26, 2018

Update Date: March 26, 2018

As part of Philips’ Responsible Disclosure Policy for the awareness and remediation of potential system security vulnerabilities, the company is proactively issuing an advisory concerning a potential, low-risk security vulnerability that may affect the Philips Alice 6 Polysomnography System (PSG).

Philips has identified hard-coded credentials and clear text storage and transmission of patient personal health information vulnerabilities in Philips Alice 6 devices. Philips has updated product documentation and will release a new version that mitigates these vulnerabilities. These vulnerabilities could potentially be exploited remotely.

Successful exploitation may allow an attacker to gain visibility to usernames/passwords and personal data. Insufficient encryption and cryptographic integrity checks can lead to altered, corrupted, or disclosed personal data. Disclosure of personal data can occur by replacing a trusted node with a malicious node.

Philips is scheduled to release a new product version and supporting product documentation in December 2018. For all users of Alice 6 version up through R8.0.2, Philips will make an update available. This update will introduce HTTPS for remote connections and eliminates hardcoded/fixed password vulnerabilities.

Philips will provide users with notification of the availability of the update. Users will be able to apply the update without Philips assistance.

Philips recognizes that the security of our healthcare, personal health, and home consumer products and services are business critical for our customers. Philips has taken the lead in creating a Responsible Disclosure policy, to collaborate with customers, security researchers, regulators and other agencies to help proactively identify, address and disclose potential vulnerabilities in a safe and effective manner.

Users with questions regarding their specific Alice 6 solutions are advised by Philips to contact their local Philips service support team or regional service support.

Philips IntelliSpace Cardiovascular Vulnerabilities (24-JAN-2018)

Publication Date: January 24, 2018

Update Date: January 24, 2018

Philips has confirmed the findings of a customer submitted complaint of a vulnerability affecting versions 2.3.0 and earlier of the Philips IntelliSpace Cardiovascular (ISCV) cardiac image and information management system. If the IntelliSpace Cardiovascular system is used with an Electronic Medical Record (EMR) in Kiosk mode configured with Windows authentication, there is a possibility that the user may not be properly logged out if the browser is not closed at the end of software use. As a result, a subsequent user of the EMR system, who launches ISCV, will be logged in with the credentials of the previous user. This reported vulnerability may allow an attacker to gain unauthorized access to sensitive information stored on the system and modify this information.

Philips advises users to close the browser at the end of each session, rather than only logging out, to mitigate this potential issue, or to change the authentication configuration to use encrypted logon from the EMR. In this configuration, Windows authentication is not used therefore the vulnerability is not applicable.

At this time, Philips has received no reports of exploitation of this vulnerability or incidents from clinical use that have been able to associate with this problem. The 3.1.0 version of the software will remediate the issue.

Customers with questions regarding their specific ISCV or Xcelera installation should contact their local Philips service support team or their regional service support. In alignment with Philips’ Responsible Disclosure Policy and U.S. FDA Post-Market requirements, Philips worked with the customer who submitted the vulnerability observation and appropriate government agencies to draft and distribute a public security advisory concerning this vulnerability.

Meltdown & Spectre Global Security Issue (05-JAN-2018)

Publication Date: January 5, 2018
Update Date: February 28, 2018

Philips is currently monitoring and actively testing updates related to the recently discovered Meltdown and Spectre global security vulnerabilities. As part of the company’s product security policy and protocols, Philips’ global product security team is actively evaluating potential impacts on Philips solutions. At this time, Philips has not received reports of these vulnerabilities affecting clinical use of company products.

Meltdown and Spectre are two techniques researchers have discovered that circumvent protections exposing nearly any data the computer processes, such as passwords, proprietary information, or encrypted communications. These security vulnerabilities have been globally reported as known issues with Intel, AMD and ARM chips and are not linked to specific individual products or implementations. These flaws are forcing a redesign of the kernel software present in Windows, Mac, and Linux operating systems present on machines running Intel, AMD and ARM chips.

Meltdown allows malicious programs to gain access to higher-privileged parts of a computer's memory, while Spectre steals data from the memory of other applications running on a machine. Currently researchers say that Meltdown is limited to Intel chips, and Spectre attacks Intel, AMD, and ARM processors. Threat actors need access to an enterprise network or a network connection to a specific device to exploit the vulnerability. There are no examples of either exploits in the wild or weaponization of an exploit at this time.

Microsoft has released updates to help mitigate these vulnerabilities. A Linux patch is also currently available. Testing and implementation of these patches by third parties including cloud service providers is reportedly currently underway. As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips products and solutions for potential impacts from these reported vulnerabilities and validating actions. Philips is also monitoring for OS updates related to these vulnerabilities and evaluating for further actions or updates to potentially affected Philips products.

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips products (including operating system security updates and patches) are implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions. If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation is produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

Philips IntelliSpace Portal Vulnerabilities (26-FEB-2018) (Updated 18-APR-2018)

Publication Date: February 26, 2018

Update Date: April 18, 2018

As part of Philips’ Responsible Disclosure Policy for the awareness and remediation of a potential system security vulnerability, the company issued a proactive advisory concerning potential issues with Versions 8.0.x and 7.0.x of the Philips IntelliSpace Portal clinical imaging visualization and analysis solution. NOTE: no incidents of security breach have been reported as a result of these potential vulnerabilities.

Upon disclosing the advisory, it was subsequently published by ICS-CERT – Industrial Control Systems Cyber Emergency Response Team (Advisory ICSMA-18-058-02 Release Date: February 27, 2018), consisting of 6 identified potential issues.

Philips is providing you with more detailed information about the nature of the potential issues reported, the assessment of security vulnerabilities related to these issues, and the mitigation plan to address them.

Below are the potential issues, as reported, with a brief explanation about the source of the issue, and mitigation plan:

ICS-CERT DESCRIPTION

REASON/RESPONSE

MITIGATION

INFORMATION EXPOSURE CWE-200

The ISP has multiple information exposure vulnerabilities that could allow an attacker to gain unauthorized access to sensitive information.

Follow Philips recommendations on installing Microsoft security updates.

Verify that MS17-010 - Security Update for Microsoft Windows SMB Server (4013389) is installed on the ISP system

PERMISSIONS, PRIVILEGES, AND ACCESS CONTROLS CWE-264

The ISP has multiple permission, privilege and access control vulnerabilities that could allow an attacker to gain unauthorized access and in some cases escalate their level of privilege or execute arbitrary code.

Access permissions and system configuration items should be reconfigured to assure tighter access control

Will be addressed in the next Service Pack*

LEFTOVER DEBUG CODE CWE-489

The ISP has a vulnerability where code debugging methods are enabled, which could allow an attacker to remotely execute arbitrary code during runtime.

IMPROPER INPUT VALIDATION CWE-20

The ISP has multiple input validation vulnerabilities that could allow a remote attacker to execute arbitrary code or cause the application to crash.

UNQUOTED SEARCH PATH OR ELEMENT CWE-428

An unquoted search path or element vulnerability has been identified, which may allow an authorized local user to execute arbitrary code and escalate their level of privileges.

Parts of ISP legacy code is based on previous software security standards. Current software practices will be in line with updated security standards

Will be addressed in the next Service Pack*

CRYPTOGRAPHIC ISSUES CWE-310

The ISP has multiple cryptographic vulnerabilities that could allow an attacker to gain unauthorized access to resources and information

Current ISP versions implement legacy encryption protocols. Next ISP service pack will include updated cryptographic protocols.
Customers shall use purchased or generated cryptographic certificate.

Software-related issues will be addressed in the next Service Pack
Make sure appropriate certificate is purchased or generated, and installed on the ISP system

*Philips is actively developing and planning to issue software updates to mitigate these potential issues:

• ISP 7.0 Corrective Version (Service Pack 4) is planned to be released by end-June, 2018

• ISP 8.0 Corrective Version (Service Pack 3) is planned to be released by end-December, 2018

Due to the nature of these issues, Philips recommends you follow the guidelines provided here:

1. To address INFORMATION EXPOSURE CWE-200 (High Risk) - Verify that MS17-010 - Security Update for Microsoft Windows SMB Server (4013389) is installed on the ISP system.

2. Due to the low probability and severity of compromise (risk assessment) of the other possible issues, Philips’ recommendation is to continue using the system until a corrective version/service pack is provided.

Customers with questions regarding their specific IntelliSpace Portal installations are advised by Philips to contact their local Philips service support team or their regional service support. Philips contact information is available at the following location:

https://www.usa.philips.com/healthcare/solutions/customer-service-solutions

Philips manufactures, sells and helps you maintain highly complex medical devices and systems. Per policy, only Philips authorized changes are allowed to be made to these systems, either by Philips personnel or under Philips explicit published direction.

Please contact your Philips service representative for specific information about potential vulnerabilities and the availability of patches for your equipment configuration.