Flaws Discovered in WLAN Firmware Used by Philips IntelliVue Portable Patient Monitors

Two flaws have been discovered in Philips IntelliVue WLAN firmware which impact certain IntelliVue MP monitors. The flaws could be exploited by hackers to download malicious firmware which could affect data flow and lead to an inoperable condition warning at the device and Central Station.

Philips was made aware of the flaws by security expert Shawn Loveric of Finite State, Inc. and proactively released a security advisory to allow users of the affected products to take steps to address risk.

Exploiting the flaws requires a high level of skill as well as the ability to log onto a vulnerable device’s local area network. Current mitigating controls also reduce the likelihood of an attack. As such, Philips does not believe either vulnerability would impact clinical. Philips does not believe the flaws are being actively targeted.

The first flaw, tracked as CVE-2019-13530, is the use of a hard-coded password, which could permit a hacker to log in remotely via FTP and install malicious firmware. The second flaw, tracked as CVE-2019-13534, allows code or an executable file to be installed from a remote location without checks to verify the origin and integrity of the code. The flaws have each been given a CVSS v3 base score of 6.4 out of 10.

The following Philips products are impacted:

  • IntelliVue MP monitors MP20-MP90 (M8001A/2A/3A/4A/5A/7A/8A/10A)
    • WLAN Version A, Firmware A.03.09
  • IntelliVue MP monitors MP5/5SC (M8105A/5AS)
    • WLAN Version A, Firmware A.03.09, Part #: M8096-67501
  • IntelliVue MP monitors MP2/X2 (M8102A/M3002A)
    • WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C)
  • IntelliVue MP monitors MX800/700/600 (865240/41/42)
    • WLAN Version B, Firmware A.01.09, Part #: N/A (Replaced by Version C)

WLAN Version B is now obsolete and is not going to be patched. Philips has advised customers using any of the patient monitors impacted by the flaws to update to the WLAN Version C wireless module. WLAN Version C with current firmware of B.00.31 is not impacted by either flaw. Mitigating controls include the use of authentication and authorization via WPA2, putting in place a firewall rule on the wireless network, and ensuring physical controls are in place to control access to the system.

The vulnerability in WLAN Version A will be addressed with a patch which Philips plans to make available via InCenter by the end of 2019.

Author: Maria Perez