Mitigations for Philips’ Monitoring System

Tuesday, August 21, 2018 @ 03:08 PM gHale

Philips has mitigations to handle a resource exhaustion vulnerability in its IntelliVue Information Center iX, according to a report with NCCIC.

Successful exploitation of this vulnerability, which a user reported to Philips and then to NCCIC, may result in a denial of service: the operating system becomes unresponsive due to the network attack, which affects the application’s ability to meet its intended use.

A real-time central monitoring system, Philips IntelliVue Information Center iX Versions B.02 and prior suffer from the remotely exploitable vulnerability.

In the vulnerability, an attacker may compromise the device’s availability by performing multiple initial UDP requests.

CVE-1999-0103 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 5.7.

The product sees use mainly in the healthcare and public health sectors, and it is deployed on a global basis.

No known public exploits specifically target this vulnerability. However, an attacker with a low skill level could leverage the vulnerability.

Netherlands-based Philips has identified and put in place mitigations to reduce the risk of exploitation of this vulnerability. In order for users of affected devices to mitigate exposure to this vulnerability, Philips recommends following the device’s labeling, including instructions for use and service guide(s), which provide compensating controls.

Philips will provide the remediation in the form of a patch by the end of September for all PIIC iX B.02 users.

Click here for Philips’ contact information.

Click here for the Philips security advisory.
