ICS-CERT Advisory on New Vulnerability in Philips iSite and IntelliSpace PACS

ICS-CERT released a bulletin concerning a medium-severity vulnerability in Philips iSite and IntelliSpace PACS. All versions of iSite PACS and IntelliSpace PACS are affected by the weak-password vulnerability. Successful exploitation could compromise the integrity, confidentiality and availability of a system component.

The vulnerability – CVE-2018-17906 (CWE-521) – stems from a third-party software component used by the PACS that ships with default credentials and does not adequately authenticate its users. Exploitation requires little skill. It is, however, limited by the attacker's position: the attacker must first obtain access to the network on which the PACS sits, so the vulnerability is only as exposed as the system itself.

The vulnerability was reported to Philips by a user, and Philips in turn notified NCCIC. A CVSS v3 base score of 6.3 has been assigned. To limit exploitation, healthcare organizations should restrict access to the affected iSite and IntelliSpace PACS systems to authorized personnel and follow standard security best practices.

Philips' advice is to run IntelliSpace PACS installations only in managed service environments that adhere to NCCIC guidance. To reduce the attack surface, the following actions should be taken:

  • Ensure the Philips iSite and IntelliSpace PACS are not reachable from the Internet
  • Isolate iSite and IntelliSpace PACS on their own network segment, separate from other networks
  • Place iSite and IntelliSpace PACS behind a firewall that permits only the traffic the PACS needs
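The three measures above describe a single firewall policy: the PACS segment accepts only the traffic it needs, from only the segments that need it, and nothing from anywhere else. The nftables ruleset below is an added illustration written for this article; it is not configuration from Philips or from the advisory. The addresses, the DICOM ports (104 and 11112 are the standard DICOM ports, but an installation may use others) and the administrative port are assumptions, and the ports an actual installation requires must be taken from Philips documentation.

```nft
# Illustrative nftables policy for the gateway between the PACS segment and
# everything else (added example; not Philips or ICS-CERT configuration).
# Assumed addresses, for illustration only:
#   PACS server            10.20.30.10/32
#   radiology workstations 10.20.40.0/24
#   imaging modalities     10.20.50.0/24
#   administrative jump host 10.20.60.5/32
# Assumed ports: DICOM 104/tcp and 11112/tcp, web viewer 443/tcp,
# remote administration 3389/tcp. Confirm each against vendor documentation.
table inet pacs_edge {
    set pacs_clients {
        type ipv4_addr
        flags interval
        elements = { 10.20.40.0/24, 10.20.50.0/24 }
    }

    chain forward {
        # Default deny: anything not explicitly allowed below is dropped,
        # which includes every packet arriving from the Internet-facing side.
        type filter hook forward priority 0; policy drop;

        ct state established,related accept
        ct state invalid drop

        # DICOM associations only from workstations and modalities
        ip saddr @pacs_clients ip daddr 10.20.30.10 tcp dport { 104, 11112 } accept

        # Web viewer only from the workstation segment
        ip saddr 10.20.40.0/24 ip daddr 10.20.30.10 tcp dport 443 accept

        # Administrative access only from the jump host
        ip saddr 10.20.60.5 ip daddr 10.20.30.10 tcp dport 3389 accept

        # Log what the default policy drops so exposure attempts are visible
        ip daddr 10.20.30.10 log prefix "pacs-drop-in " drop
        ip saddr 10.20.30.10 log prefix "pacs-drop-out " drop
    }
}
```

Load the ruleset with `nft -f` on the gateway and verify from a host outside the allowed segments that a connection to the PACS on 104/tcp is dropped rather than answered. Note what the policy does and does not do: it narrows the set of hosts that can reach the vulnerable third-party component to the radiology segments, so an attacker now needs a foothold there first; it does not change that component's default credentials, which is why restricting who may log on to the PACS hosts and applying Philips' patches remain necessary.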

Through the managed service environment, Philips provides automated anti-virus protection, scans the networks and automatically mitigates detected threats. Philips additionally operates a monthly patch program to fix identified vulnerabilities promptly. Philips has also taken the opportunity to remind users that the iSite 3.6 platform has reached end of life and end of service.