Skip to main content
CybersecurityHealthcare

Philips Intellispace Cardiovascular Solutions

Philips Intellispace Cardiovascular Solutions

1. EXECUTIVE SUMMARY

  • CVSS v4 8.5
  • ATTENTION: Low attack complexity
  • Vendor: Philips
  • Equipment: Intellispace Cardiovascular (ISCV)
  • Vulnerabilities: Improper Authentication, Use of Weak Credentials

2. RISK EVALUATION

The vulnerabilities identified in Philips Intellispace Cardiovascular (ISCV) solutions pose significant risks to patient data security. Successful exploitation could allow an attacker to replay the session of a logged-in ISCV user, potentially granting unauthorized access to sensitive patient records. This could lead to severe privacy violations, regulatory repercussions, and loss of trust in healthcare systems.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

Philips has identified the following versions of Intellispace Cardiovascular (ISCV) as affected by the vulnerabilities:

  • Intellispace Cardiovascular (ISCV): Version 4.1 and prior (CVE-2025-2229)
  • Intellispace Cardiovascular (ISCV): Version 5.1 and prior (CVE-2025-2230)

3.2 VULNERABILITY OVERVIEW

3.2.1 IMPROPER AUTHENTICATION CWE-287

A flaw exists in the Windows login flow where an AuthContext token can be exploited for replay attacks and authentication bypass. This vulnerability, tracked as CVE-2025-2230, has a CVSS v3.1 base score of 7.7 and a CVSS v4 score of 8.5, indicating a high severity level. The CVSS vector strings for these scores reflect the low attack complexity and high impact on confidentiality and integrity.

3.2.2 USE OF WEAK CREDENTIALS CWE-1391

This vulnerability arises from the creation of a token using the username, current date/time, and a fixed AES-128 encryption key, which is consistent across all installations. This lack of uniqueness makes the system susceptible to attacks. The vulnerability is tracked as CVE-2025-2229, with a CVSS v3.1 base score of 7.7 and a CVSS v4 score of 8.5.

3.3 BACKGROUND

  • CRITICAL INFRASTRUCTURE SECTORS: Healthcare and Public Health
  • COUNTRIES/AREAS DEPLOYED: Worldwide
  • COMPANY HEADQUARTERS LOCATION: Netherlands

3.4 RESEARCHER

The vulnerabilities were reported to Philips by researcher Joe Dillon, highlighting the importance of responsible disclosure in cybersecurity.

4. MITIGATIONS

Philips has recommended several mitigations to address the identified vulnerabilities:

  • CVE-2025-2230: Resolved in ISCV 4.2 build 20589, released in May 2019.
  • CVE-2025-2229: Resolved in ISCV 5.2, released in September 2020.
  • Upgrade Recommendation: Users are advised to upgrade their ISCV installations to the latest version, which is 8.0.0.0 at the time of this publication.
  • Engagement with Philips: Users should contact a local Philips sales or service representative to initiate the upgrade process.
  • Managed Services: New releases will be made available based on resource availability and are subject to country-specific regulations.

For further details, users can refer to the Philips advisory.

The Cybersecurity and Infrastructure Security Agency (CISA) recommends additional defensive measures to minimize the risk of exploitation:

  • Network Exposure: Minimize network exposure for all control system devices, ensuring they are not accessible from the Internet.
  • Network Isolation: Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • Secure Remote Access: When remote access is necessary, use secure methods such as virtual private networks (VPNs), while recognizing that VPNs may have vulnerabilities and should be kept updated.

CISA emphasizes the importance of conducting proper impact analysis and risk assessment before deploying defensive measures. They also provide resources for control systems security best practices, which can be found on their website.

Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.

To protect against social engineering attacks, CISA recommends the following measures:

  • Email Safety: Do not click on web links or open attachments in unsolicited email messages.
  • Scam Awareness: Refer to resources on recognizing and avoiding email scams.
  • Phishing Awareness: Consult guidelines on avoiding social engineering and phishing attacks.

As of now, no known public exploitation specifically targeting these vulnerabilities has been reported to CISA, and these vulnerabilities are not exploitable remotely.

5. UPDATE HISTORY

  • March 13, 2025: Initial Publication