2 unpatched vulnerabilities identified in Philips IntelliBridge EC40 and EC80 Hub that are used to transfer data been medical devices

A Philips security alert reveals the discovery of two vulnerabilities in the IntelliBridge EC40 and IntellBridge EC80 hubs whose successful exploitation would allow threat actors to perform all kinds of malicious activities. As users may remember, Philips IntelliBridge EC40/80 hubs enable data transfer between medical devices in different formats. The hubs do not alter in any way the settings set by the professionals who use these devices.

Tracked as CVE-2021-32993, the first of these flaws exists due to the use of code-encoded credentials of the affected implementations. An unauthenticated remote threat actor could gain access by using these credentials.

The vulnerability received a score of 7.4/10 according to the Common Vulnerability Scoring System (CVSS) and its successful exploitation would allow the total compromise of the exposed systems. The risk increases considering that this vulnerability has not been addressed by the manufacturer.

Moreover, CVE-2021-33017 exists because affected systems have an alternate path or channel that does not require authentication for access, so local threat actors could access information that would otherwise be restricted.

The flaw received a CVSS score of 7.4/10 and, like CVE-2021-32993, lacks available security patches.

According to the report, the flaws reside in the following versions of the affected products:

  • IntelliBridge EC 40 C.00.04
  • IntelliBridge EC 80 C.00.04

Due to the absence of updates addressing these vulnerabilities, Philips issued some recommendations that operators of these hubs should adhere to in order to mitigate the risk of exploitation:

  • Use the device only within the specifications authorized by the manufacturer and with the recommended configurations
  • Isolate these devices from the hospital network, as there is no reason for these devices to have access to other areas of the computer network
  • Block access to the SSH port, as its use is not relevant to the medical processes related to the hub
  • Set a sufficiently secure SSH password and ensure that it is only used through physical access

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.