Two vulnerabilities have surfaced in various versions of Philips cardiovascular imaging devices. The first vulnerability (CVE-2018-14787) is rated as a high severity vulnerability which affects Philip’s IntelliSpace Cardiovascular and Xcelera Intellispace Cardiovascular products (ISCV). This vulnerability is due to improper privilege management and only requires a low skill level to exploit. An attacker with escalated privileges could gain access to folders that potentially contain executables which would allow authenticated users to write permissions on Xcelera Version 4.1 or prior, and ISCV software version 2.X or prior. The second vulnerability (CVE-2018-14789) affects Xcelera Version 4.1 or prior, and ISCV version 3.1 or prior. According to Philips, “the servers for ISCV version 2.x and earlier and Xcelera 3x — 4.x contain 20 Windows services of which executables are present in a folder where authenticated users are granted write permissions.” The services run as a local admin account or local system account. If a user replaced one of the executables with a different program, the program would be executed with local system or local admin permissions. In ISCV version 3.X and prior along with Xcelera 3.X-4.X, there are 16 Windows services that do not contain quotes in the path name. The services run with local admin rights and can be launched with a registry key. This could potentially offer the attacker a route to place an executable that grants local admin rights. These bugs cannot be exploited remotely and have not yet been seen exploited in the wild. Philips will release a patch in October for the issues. Users are advised to restrict available permissions.
