Philips is providing users potential options to remediate vulnerabilities found in its iSite and IntelliSpace PACS products, according to a report from ICS-CERT.
The vulnerabilities are predominantly in third-party components, Philips officials said.
These vulnerabilities affect all versions of iSite and IntelliSpace PACS.
If exploited, these vulnerabilities could impact or compromise patient confidentiality, system integrity, and/or system availability.
In addition, the vulnerabilities may allow attackers of low skill to provide unexpected input into the application, execute arbitrary code, alter the intended control flow of the system, access sensitive information, or potentially cause a system crash.
Philips has received no confirmed reports of patient harm and has received no complaints involving clinical use associated with these vulnerabilities.
Philips is a global company that maintains offices in several countries across Africa, Asia, Europe, Latin America, the Middle East, and North America.
The affected products, Philips iSite and IntelliSpace PACS, are picture archiving communication systems supporting medical image management intended to be used by trained professionals, including but not limited to physicians, nurses and medical technicians.
The systems are software packages used with general purpose computing hardware to acquire, store, distribute, process and display medical images and associated data throughout a clinical environment. The software performs digital image processing, measurement, communication and storage. The Philips iSite 3.6 platform is currently at its end of life and end of service.
iSite and IntelliSpace PACS see action across the healthcare and public health sectors. Philips estimates these products are used in 30 countries around the world.
In one vulnerability, certain languages allow direct addressing of memory locations and do not automatically ensure these locations are valid for the memory buffer being referenced. This can cause read or write operations to be performed on memory locations that may be associated with other variables, data structures, or internal program data. As a result, an attacker may be able to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crash.
CVSS v3 base scores for these vulnerabilities range from 5.0 (medium) to 10.0 (critical).
In another series of issues, the software contains vulnerabilities typically introduced from code development or from the integration of third-party components that might typically be controlled, mitigated, or remediated during design, development, or implementation of the software.
Vulnerabilities identified from this category include the following common weaknesses: data processing (CWE-19), improper input validation (CWE-20), security features (CWE-254), credentials management (CWE-255), not using password aging (CWE-262), permissions/privileges/access controls to restrict access to a resource from an unauthorized actor (CWE-264), authorization (CWE-284), insufficient authentication to fully confirm the claim of identity from an actor (CWE-287), cryptography (CWE-310), inadequate encryption strength (CWE-326), concurrent execution using shared resource with improper synchronization or ‘race condition’ (CWE-362), resource management errors (CWE-399), insufficient controls over system resource consumption (CWE-400), potential use of software memory buffers after the buffer has been freed/removed (CWE-416), NULL pointer dereference (CWE-476), unquoted search path or element (CWE-428), weak password requirements (CWE-521), and use of hard-coded credentials (CWE-798).
As a result, an attacker may be able to impact the confidentiality, integrity, and/or availability of the system by crafting unintended input into a form not expected by the rest of the application, altering control flow of the software, attaining access or control of unauthorized system resources, or causing arbitrary code execution. Moreover, an attacker could potentially direct over-utilization of limited system resources, thus enabling a denial-of-service attack.
CVSS v3 base scores for these vulnerabilities range from 2.1 (low) to 10.0 (critical).
In another vulnerability, an information exposure is the intentional or unintentional disclosure of information to an actor not explicitly authorized to have access to that information. As a result, an attacker may be able to read or enable unauthorized disclosure of sensitive information.
CVSS v3 base scores for these vulnerabilities range from 1.2 (low) to 7.5 (high).
Also, the software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. As a result, an attacker may be able to execute unauthorized instructions or code.
CVSS v3 base scores for these vulnerabilities range from 7.5 (high) to 10.0 (critical).
In addition, the software contains vulnerabilities within this category that include the following common weaknesses: improper neutralization of special elements used in an OS command or ‘OS command injection’ (CWE-78), failure to preserve web page structure or ‘cross-site scripting’ (CWE-79), improper authentication (CWE-287), improper certificate validation (CWE-295), clear text transmission of sensitive information (CWE-319), and insufficient session expiration (CWE-613). As a result, an attacker may be able to access unauthorized resources or execute unauthorized instructions or code.
CVSS v3 base scores for these vulnerabilities range from 2.0 (low) to 10.0 (critical).
In another issue, the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
As a result, an attacker may cause the system to read the contents of a local file, force the application to make outgoing requests to servers the attacker cannot reach directly, and bypass firewall restrictions or hide the source of attacks such as port scanning.
CVSS v3 base score for this vulnerability is 5.0 (medium).
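As an added illustration of the XML external entity issue described above (not code from Philips or ICS-CERT), the following Python sketch shows a pre-parse gate that flags any DTD construct whose URI points outside the document before the XML reaches application logic. The function names and sample documents are hypothetical and constructed for this example.

```python
import xml.parsers.expat as expat

def external_references(xml_bytes):
    """List (kind, name, uri) for each DTD construct pointing outside the document."""
    found = []
    parser = expat.ParserCreate()
    # No ExternalEntityRefHandler is installed, so expat never fetches anything;
    # the handlers below only record what the document asks for.

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id or public_id:
            found.append(("external-dtd", name, system_id or public_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        if system_id or public_id:
            kind = "parameter-entity" if is_param else "general-entity"
            found.append((kind, name, system_id or public_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(xml_bytes, True)
    return found

def safe_to_parse(xml_bytes):
    """Gate: accept only well-formed documents with no external references."""
    try:
        return not external_references(xml_bytes)
    except expat.ExpatError:
        return False  # malformed input is rejected rather than guessed at

# Constructed sample inputs (not taken from any real system).
INTERNAL_ONLY = b'<!DOCTYPE r [<!ENTITY a "hello">]><r>&a;</r>'
EXTERNAL_ENTITY = (b'<?xml version="1.0"?>'
                   b'<!DOCTYPE r [<!ENTITY xxe SYSTEM "file:///constructed/path">]>'
                   b'<r>&xxe;</r>')
EXTERNAL_DTD = b'<!DOCTYPE r SYSTEM "http://example.invalid/x.dtd"><r/>'
MALFORMED = b'<r><unclosed></r>'

if __name__ == "__main__":
    for label, doc in [("internal", INTERNAL_ONLY), ("entity", EXTERNAL_ENTITY),
                       ("dtd", EXTERNAL_DTD), ("malformed", MALFORMED)]:
        print(label, "accepted" if safe_to_parse(doc) else "rejected")
```

A stricter policy is to reject any document that carries a DOCTYPE at all, which also covers entity-expansion abuse that this gate does not look for.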
The software contains other vulnerabilities from third parties including operating systems, networking equipment, and network time protocol that could enable an attacker to cause a denial-of-service, execute arbitrary code, inject network packets, obtain sensitive information, and/or gain unauthorized privileges to impact system confidentiality, integrity, or availability.
CVSS v3 base scores for these vulnerabilities range from 5.0 (medium) to 9.3 (critical).
Some of the vulnerabilities could be exploited remotely. Public exploits exist for some of these vulnerabilities; however, none are known to specifically target Philips iSite or IntelliSpace PACS. An attacker with a low skill level would be able to exploit these vulnerabilities.
Philips IntelliSpace PACS runs in a managed service environment to minimize the risk of exploitation (virtual private network, firewall isolation from other networks, no internet access). In addition, Philips employs an automated antivirus solution that continuously monitors and remediates threats across all systems in the managed service environment. Philips has a monthly recurring patch program in which all IntelliSpace PACS users are encouraged to participate.
In addition, in 2016 Philips released software updates and controlling mitigations on the affected PACS systems to further limit the risk and exploitability of these vulnerabilities.
Philips recommends three paths that users may select depending on their situation:
• The simplest and most straightforward option is to enroll in the Philips recurring patching program, which will remediate 86 percent of all known vulnerabilities.
• A more robust option is to enroll in the Philips recurring patching program and update system firmware. This option will remediate 87 percent of all known vulnerabilities including all known critical vulnerabilities.
• The most robust option from Philips is to enroll in the recurring patching program, update system firmware, and upgrade to IntelliSpace PACS 4.4.55x with Windows operating system 2012, which addresses product hardening. This option remediates 99.9 percent of all the known vulnerabilities including all critical vulnerabilities.
Philips will continue to add cybersecurity vulnerability remediation improvements through its Secure Development Lifecycle (SDL) as threats continue.
Users with questions regarding their specific iSite/IntelliSpace PACS solutions should contact their Customer Success Manager (CSM), local Philips service support team, or regional service support.
The Philips product security website has the latest security information.