Threat Intel: Philips Interventional Workstation Vulnerability Exposed

OS Command Injection Enables Remote Shut Down
Cynerio
Jan 20, 2021
Threat Intelligence

Vulnerability Information

CISA released ICS Medical Advisory (ICSMA-21-019-01) on January 19, 2021, detailing a newly discovered vulnerability in Philips Interventional Workstation products. The vulnerability has been assigned CVE-2020-27298 and a CVSS v3 base score of 6.5. It can be exploited by bad actors with low skill levels. 

The vulnerable software builds all or part of an OS command from input received from upstream components, but does not neutralize, or incorrectly neutralizes, special elements in that input before the command is passed to a downstream component. An attacker who controls the input can therefore alter the OS command that actually runs.
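The flaw class described above is CWE-78 (OS command injection). The following Python example is added here to illustrate the pattern generically; it is not code from the Philips products or from Cynerio, and the `export_study` program, the study-identifier format and the sample inputs are all constructed assumptions. It shows the unsafe way of building a command (string concatenation handed to a shell), what a POSIX shell would make of an input containing a separator, and the hardened form (allowlist validation plus an argument list that no shell ever parses).

```python
import re
import shlex

# Constructed sample inputs, standing in for a value received from an upstream
# component (for example a field in a network request). Not real device data.
SAMPLE_OK = "STUDY-2021-0042"
SAMPLE_BAD = "STUDY-2021-0042; echo injected"

# Assumed allowlist for a study identifier: upper-case letters, digits and
# hyphens only. Anything else is rejected before it can reach a command.
STUDY_ID_RE = re.compile(r"^[A-Z0-9-]{1,32}$")


def build_export_command_unsafe(study_id: str) -> str:
    """CWE-78 pattern: untrusted input is concatenated into a shell command line.

    If this string were executed with shell=True, the shell would parse it,
    so a ';' or '&&' inside study_id changes the command that runs.
    """
    return f"export_study --id {study_id} --dest /tmp/out"


def shell_would_run(cmdline: str) -> list[list[str]]:
    """Tokenize a command line the way a POSIX shell would and split it into
    the separate commands the shell would execute. Only tokenizes; nothing
    is executed. Used here to make the injected second command visible."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for tok in lexer:
        if tok in (";", "&&", "||", "|"):
            commands.append(current)
            current = []
        else:
            current.append(tok)
    commands.append(current)
    return commands


def is_valid_study_id(study_id: str) -> bool:
    """Allowlist check: the identifier must match the expected format exactly."""
    return STUDY_ID_RE.fullmatch(study_id) is not None


def build_export_command(study_id: str) -> list[str]:
    """Hardened form: validate against the allowlist and return an argv list.

    The list is meant for subprocess.run(argv) with shell=False, so the
    program receives study_id as one argument and no shell parses it.
    """
    if not is_valid_study_id(study_id):
        raise ValueError(f"rejected study id: {study_id!r}")
    return ["export_study", "--id", study_id, "--dest", "/tmp/out"]


if __name__ == "__main__":
    for value in (SAMPLE_OK, SAMPLE_BAD):
        print("input:", repr(value))
        print("  unsafe string would run:", shell_would_run(build_export_command_unsafe(value)))
        if is_valid_study_id(value):
            print("  hardened argv:", build_export_command(value))
        else:
            print("  hardened form: rejected (log this as a suspicious input)")
```

The rejected-input branch is where a defender gets detection value for free: every input that fails the allowlist is a candidate indicator of someone probing for injection, so log it with its source address and the time rather than silently dropping it.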

Clinical Impact

Device function can be tampered with, compromising the integrity of patient data.

Devices Affected

This vulnerability affects Haswell workstations with the following 12NC identification numbers: 

  • 4598 009 39471
  • 4598 009 39481
  • 4598 009 70861
  • 4598 009 98531

Devices are vulnerable when they run the following interventional software versions:

  • Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1.4.5)
  • Coronary Tools/Dynamic Coronary Roadmap/Stentboost Live (Release 1.0)
  • ViewForum (Release 6.3V1L10)

What Can You Do to Mitigate the Risk?

Contact Philips support and schedule a service appointment; Philips has already released a software patch. While you’re waiting, you should:

  1. Tighten physical security and access controls
  2. Disable any accounts and services that aren’t absolutely required

How Can Cynerio Help In the Meantime?

Cynerio can identify all affected devices on your network and help you implement proactive and preemptive mitigating controls, with:

  1. Continuous, real-time network monitoring for anomalous activity
  2. Vulnerability identification to flag all affected devices
  3. Custom segmentation policies to limit lateral movement and unauthorized connections with external sources 

Some Other Helpful Resources

CISA Advisory ICSMA-21-019-01

Philips Support Services
