Primary

Context

Philips Intellispace Cardiovascular Authentication Bypass Vulnerability Allowing Replay Attacks

Vulnerability

Patched

An authentication bypass vulnerability has been identified in Philips Intellispace Cardiovascular (ISCV) versions 5.1 and prior. This flaw arises from the Windows login process, where an AuthContext token can be exploited to bypass authentication and replay the session of a logged-in user, potentially granting access to sensitive patient records.

Impact

Exploitation of this vulnerability could allow an attacker to bypass authentication and replay the session of a logged-in ISCV user, gaining access to patient records.

Remediation

Philips Intellispace Cardiovascular users are advised to upgrade to version 5.2 or later. For information on how to initiate this upgrade process, contact a local Philips sales or service representative. Managed services users will receive new releases upon resource availability, subject to country-specific regulations.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

7.0

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

7.0

remediation

7.9

relevance

0.0

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Philips Intellispace Cardiovascular Authentication Bypass Vulnerability Allowing Replay Attacks

Vulnerability

Impact

Remediation

Affected Products

Philips Intellispace Cardiovascular

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating