Threat Intel: Philips Interventional Workstation Vulnerability Exposed
CISA released ICS Medical Advisory (ICSMA-21-019-01) on January 19, 2021, detailing a newly discovered vulnerability in Philips Interventional Workstation products. The vulnerability has been assigned CVE-2020-27298 and a CVSS v3 base score of 6.5. It can be exploited by bad actors with low skill levels.
The vulnerable software builds whole or partial OS commands using external input from upstream components. When exploited, the commands may not neutralize, or may incorrectly neutralize special elements sent to downstream components, effectively altering the original OS command.
Device function can be tampered with, compromising the integrity of patient data.
This vulnerability affects Haswell workstations with the following 12NC identification numbers:
- 4598 009 39471
- 4598 009 39481
- 4598 009 70861
- 4598 009 98531
Devices are vulnerable when they run the following interventional software versions:
- Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5)
- Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0)
- ViewForum (Release 6.3V1L10)
What Can You Do to Mitigate the Risk?
Contact Philips support and schedule a service appointment--they’ve already released a software patch. While you’re waiting, you should:
- Tighten physical security and access controls
- Disable any accounts and services that aren’t absolutely required
How Can Cynerio Help In the Meantime?
Cynerio can identify all affected devices on your network and help you implement proactive and preemptive mitigating controls, with:
- Continuous, real-time network monitoring for anomalous activity
- Vulnerability identification to flag all affected devices
- Custom segmentation policies to limit lateral movement and unauthorized connections with external sources