Vulnerability identifier: #VU21105

Vulnerability risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13534

CWE-ID: CWE-494

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
IntelliVue MX600
Hardware solutions / Medical equipment
IntelliVue MX700
Hardware solutions / Medical equipment
IntelliVue MX800
Hardware solutions / Medical equipment
IntelliVue MPX2
Hardware solutions / Medical equipment
IntelliVue MP2
Hardware solutions / Medical equipment
IntelliVue MP5SC
Hardware solutions / Medical equipment
IntelliVue MP5
Hardware solutions / Medical equipment
IntelliVue MP90
Hardware solutions / Medical equipment
IntelliVue MP80
Hardware solutions / Medical equipment
IntelliVue MP70
Hardware solutions / Medical equipment
IntelliVue MP60
Hardware solutions / Medical equipment
IntelliVue MP50
Hardware solutions / Medical equipment
IntelliVue MP40
Hardware solutions / Medical equipment
IntelliVue MP30
Hardware solutions / Medical equipment
IntelliVue MP20
Hardware solutions / Medical equipment

Vendor: Philips

Description

Mitigation
This vulnerability was fixed only in the WLAN Version C.

Vulnerable software versions

IntelliVue MX600: A.01.09

IntelliVue MX700: A.01.09

IntelliVue MX800: A.01.09

IntelliVue MPX2: A.01.09

IntelliVue MP2: A.01.09

IntelliVue MP5SC: A.03.09

IntelliVue MP5: A.03.09

IntelliVue MP90: A.03.09

IntelliVue MP80: A.03.09

IntelliVue MP70: A.03.09

IntelliVue MP60: A.03.09

IntelliVue MP50: A.03.09

IntelliVue MP40 : A.03.09

IntelliVue MP30: A.03.09

IntelliVue MP20: A.03.09

External links
http://www.us-cert.gov/ics/advisories/icsma-19-255-01

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.