Philips IntelliSpace Cardiovascular Improper Authentication and Use of Weak Credentials Vulnerability

Vulnerability

A vulnerability exists in Philips IntelliSpace Cardiovascular (ISCV) versions 4.1 and prior, as well as 5.1 and prior. The issue arises from improper authentication and the use of weak credentials, allowing for session replay attacks. Tokens are generated using the username, current date and time, and a fixed AES-128 encryption key that is consistent across all installations. This flaw could enable unauthorized access to patient records by exploiting the Windows login process.
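For contrast with the token scheme described above, the following added example (not Philips code and not the vendor's actual fix) sketches a session token that resists replay: the key is random per installation, each token carries a random nonce and an expiry, and the server accepts each nonce once. The names `issue_token`, `verify_token`, `INSTALL_KEY`, the token layout and the 60-second lifetime are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: generated once per installation at setup and kept in a protected
# secret store, never a constant shipped identically with every copy.
INSTALL_KEY = secrets.token_bytes(32)
TOKEN_TTL = 60          # seconds (constructed value)
_seen_nonces = {}       # nonce -> expiry; server-side replay cache


def issue_token(username, key=INSTALL_KEY, now=None):
    """Build an HMAC-authenticated token with a random nonce and an expiry."""
    now = time.time() if now is None else now
    claims = {"u": username, "iat": int(now), "exp": int(now) + TOKEN_TTL,
              "n": secrets.token_hex(16)}  # nonce: unpredictable, unlike a timestamp
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return (body + b"." + tag).decode()


def verify_token(token, key=INSTALL_KEY, now=None):
    """Return the username, or raise ValueError naming the rejection reason."""
    now = time.time() if now is None else now
    try:
        body, tag = token.encode().rsplit(b".", 1)
    except ValueError:
        raise ValueError("malformed")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(base64.urlsafe_b64decode(body))
    if now >= claims["exp"]:
        raise ValueError("expired")
    # Drop nonces whose tokens have expired, then enforce single use.
    for n in [n for n, exp in _seen_nonces.items() if exp <= now]:
        del _seen_nonces[n]
    if claims["n"] in _seen_nonces:
        raise ValueError("replayed")
    _seen_nonces[claims["n"]] = claims["exp"]
    return claims["u"]
```

A token captured from one session fails on its second presentation, and a token minted under another installation's key fails the signature check.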

Impact

Exploitation of this vulnerability could allow an attacker to replay the session of a logged-in ISCV user, bypass authentication, and gain access to patient records.

Remediation

Philips has released a patch for this vulnerability in ISCV version 4.2 build 20589, available since May 2019. For ISCV users, the latest version is 830089 - IntelliSpace Cardiovascular 8.0.0.0. Please contact a local Philips sales or service representative to initiate the upgrade process.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 2.5
exploitability: 7.0
remediation: 7.9
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.