Skip to main content

Philips IntelliSpace Portal Vulnerabilities

Thirty five vulnerabilities have been discovered in Philips IntelliSpace Portal, a suite of clinical applications. Some of these vulnerabilities can be exploited by unauthenticated attackers.
Threat ID:
CC-2093
Category:
Exploit
Threat Severity:
Medium
Threat Vector:
Exploit
Published:
1 March 2018 12:00 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

Thirty five vulnerabilities have been discovered in Philips IntelliSpace Portal, a suite of clinical applications. Some of these vulnerabilities can be exploited by unauthenticated attackers.

Threat details

The vulnerabilities fall into several categories: improper input validation; information exposure; permission, privilege and access control; unquoted search path or element; leftover debug code; and cryptographic issues.

At the time of writing, Philips has announced that these issues will be solved in the newest software release for IntelliSpace Portal products, which is expected to be pushed out in the coming months.

For more information please see ICS-CERT advisory ICSMA-18-058-02.

Remediation steps

Type Step
  • Ensure that patches are applied as soon as they become available.
  • Minimize network exposure of the devices
  • Ensure that devices are not accessible from the Internet

Last edited: 17 February 2020 12:52 pm