Philips IntelliBridge Weak Encryption Vulnerability

Summary

Philips Healthcare has released details of an inadequate encryption strength (CWE-326) vulnerability affecting several of its IntelliBridge medical device interface systems. They claim that an unauthorised user could exploit this vulnerability to execute applications, modify system settings, or access patient information.


Threat details

They claim that an unauthorised user could exploit this vulnerability to execute applications, modify system settings, or access patient information. The vulnerability results from a misconfiguration of the IntelliBridge internal SSH server, which allows weak ciphers to be used. An attacker with access to the same network could then capture and replay sessions in order to access the affected systems.
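
One way to check which ciphers an SSH server offers, as an added example that is not part of the advisory or of Philips' guidance: the Python below parses the cleartext SSH_MSG_KEXINIT packet (RFC 4253) and lists any weak ciphers in it. The advisory does not name the ciphers involved, so the `is_weak` policy, the function names and the sample packet are assumptions constructed for illustration.

```python
import struct

# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
SSH_MSG_KEXINIT = 20

def is_weak(cipher):
    # Assumed policy (the advisory names no ciphers): "none", RC4, any CBC mode.
    return cipher == "none" or cipher.startswith("arcfour") or "-cbc" in cipher

def parse_kexinit(packet):
    """Parse one unencrypted SSH binary packet carrying SSH_MSG_KEXINIT."""
    if len(packet) < 5:
        raise ValueError("truncated packet header")
    packet_len, pad_len = struct.unpack(">IB", packet[:5])
    if packet_len < pad_len + 1 or len(packet) < 4 + packet_len:
        raise ValueError("inconsistent packet length")
    payload = packet[5:4 + packet_len - pad_len]
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT payload")
    pos, lists = 17, {}  # skip message type (1 byte) and cookie (16 bytes)
    for field in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list")
        (n,) = struct.unpack(">I", payload[pos:pos + 4])
        if pos + 4 + n > len(payload):
            raise ValueError("name-list overruns payload")
        raw = payload[pos + 4:pos + 4 + n].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        pos += 4 + n
    return lists

def weak_server_ciphers(packet):
    """Return the weak ciphers a server offers in either direction."""
    lists = parse_kexinit(packet)
    return sorted({c for c in lists["enc_c2s"] + lists["enc_s2c"] if is_weak(c)})

def build_sample():
    """Constructed KEXINIT for the demo; not captured from any real device."""
    names = ["curve25519-sha256", "ssh-ed25519",
             "aes256-ctr,3des-cbc,arcfour", "aes256-ctr,aes128-cbc",
             "hmac-sha2-256", "hmac-sha2-256", "none", "none", "", ""]
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for n in names:
        body += struct.pack(">I", len(n)) + n.encode()
    body += b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved
    pad = 4 + (-(len(body) + 9)) % 8  # at least 4 padding bytes, total multiple of 8
    return struct.pack(">IB", len(body) + pad + 1, pad) + body + bytes(pad)
```

The input is the first binary packet a server sends after its version banner, which is exchanged in the clear before any keys are agreed.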

Remediation steps

Philips has confirmed that an update to address the vulnerability will be available by the end of Q3 2020. Affected organisations are encouraged to contact their relevant suppliers to acquire and apply this update.

Philips has also recommended the following partial mitigations:

  • Change the default IntelliBridge SSH password, or disable SSH functionality if it is not required.
  • Operate all deployed and supported Philips IntelliBridge products within Philips authorised specifications, including Philips approved software, software configuration, system services, and security configuration.
  • Ensure medical devices use a logically and physically separate network from other systems, as specified in the Philips Patient Monitoring System Security for Clinical Networks guide, available via Philips InCenter.


Last edited: 14 February 2020 2:59 pm