Wireless Access Point Management Issue in Philips IntelliVue MX40
CVE-2017-9658

6.5MEDIUM

Key Information:

Vendor
Philips
Status
Intellivue Mx40 Patient Worn Monitor
Vendor
CVE Published:
30 April 2018

Summary

The Philips IntelliVue MX40, when operating on Version B.06.18, is affected by a vulnerability that triggers unintended wireless access point blacklisting. This issue can lead to disconnection from designated Wi-Fi access points, forcing hospital staff to manually intervene to restore device functionality. The device may switch to an alternate access point or enter a local monitoring mode, awaiting reset. To address this concern, Philips has released an update that enhances handling of exceptional conditions and introduces alert mechanisms at both the MX40 and central monitoring station to notify when disconnections occur, thereby improving operational resilience.

Affected Version(s)

IntelliVue MX40 Patient Worn Monitor IntelliVue MX40 Patient Worn Monitor (WLAN only), all versions prior to Version B.06.18

References

https://www.usa.philips.com/healthcare/about/customer-sup...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/100813
vdb-entryx_refsource_BID
https://ics-cert.us-cert.gov/advisories/ICSMA-17-255-01
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.