
Philips IntelliSpace Perinatal Privilege Escalation Vulnerability

Summary

Philips Healthcare has released details of a privilege escalation vulnerability affecting their IntelliSpace Perinatal obstetrics information management system. A local unauthenticated user could exploit this vulnerability to extract information, execute files, or alter system configurations.


Threat details

A local unauthenticated user could exploit this vulnerability to extract information, execute files, or alter system configurations. The vulnerability is a result of the IntelliSpace Perinatal application server not sufficiently limiting exposure of its own resources. An attacker with physical access or using a remote desktop host could exploit this to gain access to both the application server and the underlying operating system (typically Microsoft Windows). Patient identifiable information can also be accessed if the Document Export (DOX) functionality is enabled on the application server.


Remediation steps


At the time of publication, Philips have not confirmed if updates will be made available for the affected versions of IntelliSpace Perinatal. However, they have recommended affected organisations take the following actions to partially mitigate the threat:

  • Operate all deployed and supported Philips IntelliSpace Perinatal products within Philips authorised specifications, including Philips approved software, software configuration, system services, and security configuration. Further guidance can be found in the Philips Site Preparation and IT Specification Guide available through their InCenter portal.
  • Ensure the Philips System Check Tool, available through InCenter, is run during installation to ensure proper system configuration, including suitable firewall rules.
  • Ensure operating system accounts used by IntelliSpace Perinatal have the most restricted privileges necessary for their operation. Care should also be taken to restrict access to the systems running IntelliSpace Perinatal applications.
  • Install IntelliSpace Perinatal applications on a dedicated server with no unnecessary services or drivers installed. IntelliSpace Perinatal databases should be installed on a separate dedicated server.
  • Disable DOX by default on IntelliSpace Perinatal systems unless expressly required. If DOX is enabled, ensure only approved accounts are provided access.


Last edited: 14 February 2020 2:57 pm