CVE-2018-10597 in Patient Monitor
Summary
by MITRE
IntelliVue Patient Monitors MP Series (including MP2/X2/MP30/MP50/MP70/NP90/MX700/800) Rev B-M, IntelliVue Patient Monitors MX (MX400-550) Rev J-M and (X3/MX100 for Rev M only), and Avalon Fetal/Maternal Monitors FM20/FM30/FM40/FM50 with software Revisions F.0, G.0 and J.3 have a vulnerability that allows an unauthenticated attacker to access memory ("write-what-where") from an attacker-chosen device address within the same subnet.
Analysis
by VulDB Data Team • 02/15/2020
The vulnerability identified as CVE-2018-10597 affects a range of IntelliVue patient monitors manufactured by Philips Healthcare, specifically the MP Series monitors MP2/X2/MP30/MP50/MP70/NP90/MX700/800 with software revisions B through M, the MX series monitors MX400-550 at revisions J through M (and X3/MX100 at revision M only), and the Avalon fetal/maternal monitors FM20/FM30/FM40/FM50 with software revisions F.0, G.0, and J.3. This security flaw is a critical memory corruption vulnerability that enables unauthorized remote access to system memory through a write-what-where attack pattern. The vulnerability exists within the network communication protocols of these medical devices, which are designed to operate within hospital network environments where patient safety and data integrity are paramount.
This vulnerability stems from improper input validation and memory management within the device's network stack implementation, allowing an attacker positioned within the same network subnet to exploit a memory access flaw without requiring authentication credentials. The write-what-where mechanism enables an attacker to write data to arbitrary memory locations, potentially leading to arbitrary code execution or system compromise. The attack vector is particularly concerning because it does not require authentication, making it accessible to any device within the same network segment that can communicate with the vulnerable monitors. This aligns with CWE-787: "Out-of-bounds Write" and CWE-121: "Stack-based Buffer Overflow" classifications, which describe memory corruption vulnerabilities that can be exploited to gain unauthorized system access. The vulnerability's impact is amplified by the critical nature of patient monitoring equipment, where system compromise could potentially endanger patient lives.
The operational impact of this vulnerability extends beyond simple data access, as it creates a potential pathway for attackers to manipulate patient monitoring data, disrupt critical healthcare services, or gain deeper access to hospital network infrastructure. Medical devices in healthcare environments are often connected to network segments that also carry sensitive patient data and other critical systems. An attacker exploiting this vulnerability could potentially modify monitoring parameters, alter patient data, or cause device malfunctions that compromise patient safety. Because these devices monitor vital patient parameters, the flaw is particularly dangerous: it could be used to manipulate life-critical information without detection. Under the MITRE ATT&CK framework, this vulnerability maps to T1071.004: "Application Layer Protocol: DNS" and T1046: "Network Service Scanning", as attackers would need to identify vulnerable devices and potentially establish persistent access to exploit the memory corruption flaw effectively.
Organizations deploying these vulnerable devices should implement immediate network segmentation to isolate patient monitoring equipment from general network traffic, particularly ensuring that these devices are not directly accessible from clinical workstations or administrative networks. Network access controls should be implemented to limit communication to only necessary services and devices, with strict firewall rules preventing unauthorized access attempts. Device firmware updates should be applied immediately upon availability from Philips Healthcare, as these patches typically address the underlying memory management issues that enable the write-what-where attack. Regular network monitoring should be implemented to detect unusual communication patterns or attempts to access these devices from unauthorized locations. Additionally, healthcare organizations should conduct comprehensive vulnerability assessments to identify all instances of these devices within their network infrastructure, as the vulnerability affects multiple product lines and software revisions, requiring careful inventory management to ensure complete remediation across all affected equipment.
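The inventory step above is where most remediation efforts go wrong, because the affected set spans several product families with different revision ranges. The following Python is an added example (not VulDB's or Philips' code) that flags devices in a constructed inventory export whose model and software revision fall inside the ranges stated in the advisory text; the individual MX400-550 model names and the `hostname,model,revision` CSV layout are assumptions.

```python
import csv
import io

# Affected ranges as stated in the advisory text. Single-letter revisions are
# compared as an inclusive range; Avalon revisions are an explicit list.
MP_SERIES = {"MP2", "X2", "MP30", "MP50", "MP70", "NP90", "MX700", "MX800"}
MX_SERIES = {"MX400", "MX450", "MX500", "MX550"}  # assumed members of "MX400-550"
MX_REV_M_ONLY = {"X3", "MX100"}
AVALON = {"FM20", "FM30", "FM40", "FM50"}
AVALON_REVS = {"F.0", "G.0", "J.3"}

def _letter_in_range(rev, lo, hi):
    """True if a single-letter revision lies in [lo, hi] inclusive (case-insensitive)."""
    r = rev.strip().upper()
    return len(r) == 1 and r.isalpha() and lo <= r <= hi

def is_affected(model, revision):
    """Return True if (model, revision) is in the affected set for CVE-2018-10597."""
    m = model.strip().upper()
    if m in MP_SERIES:
        return _letter_in_range(revision, "B", "M")
    if m in MX_SERIES:
        return _letter_in_range(revision, "J", "M")
    if m in MX_REV_M_ONLY:
        return _letter_in_range(revision, "M", "M")
    if m in AVALON:
        return revision.strip().upper() in AVALON_REVS
    return False

def flag_inventory(csv_text):
    """Parse a 'hostname,model,revision' CSV export and return affected hostnames."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [row["hostname"] for row in rows if is_affected(row["model"], row["revision"])]

# Constructed sample inventory (hostnames and revisions are made up for the demo).
SAMPLE_INVENTORY = """hostname,model,revision
icu-mon-01,MP70,K
icu-mon-02,MP70,A
ward-mon-03,MX450,H
ward-mon-04,MX450,J
nicu-mon-05,X3,M
nicu-mon-06,X3,L
ld-mon-07,FM30,G.0
ld-mon-08,FM30,H.0
"""

if __name__ == "__main__":
    print(flag_inventory(SAMPLE_INVENTORY))  # ['icu-mon-01', 'ward-mon-04', 'nicu-mon-05', 'ld-mon-07']
```

Treat a "not affected" result as provisional until the model and revision strings have been confirmed against the vendor's own advisory, since inventory exports often abbreviate or mislabel model names.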