Publication Date: May 15, 2019

Update Date: April 20, 2019
 

Begin Update G: April 20, 2020


Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to CVE-2019-0708. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

Analytics 1.1
IntelliSpace ECG Management System B.00 (IECG)*, **
Oncad
CompuRecord (F.02, G.00, and G.01)*
IntelliSpace PACS (4.4, 4.4.551, 4.4.553)***
PIIC Classic (L, M, N, N.01)**
Diagnostics Site Server (DSS)
IntelliSpace Perinatal Revision (H, J, K)*,**
PIIC iX (A.0, B.0, B.02)**
DynaCAD Breast and Prostate*
IntelliSpace Portal (ISP) Server& Workstation**
SensaVue HD & FMRI
DynaSuite Neuro 3*
IntelliVue Guardian Software*,**
ST80i A.02*,**
Efficia Central - SureSigns Monitor / CMS200
Invivo Esys
UDM (v1.1, 2.1)***
eICU*,**
ISEE**
UroNav (1.x/2.x)
Extended Brilliance Workspace (EBW)**
ISP Anywhere (v1.3)
Xcelera 4.1*
Forcare suite*
ISP VL Caputre 1.1 Visible Light (v1.1)
XIRIS (8.2, 8.3)
Holter Recorder DigiTrak XT (DTXT) *
Juno DRF (5.0-.6, 5.7)**
Xper IM*,**
IBE (B.02, B.03, B.04, B.05, B.06, B.07, B.08, B.09,  B.10)**
Lung Cancer Screening Solution*
XIRIS (8.2, 8.3)
ICCA (F, G)*,**
MicroDose L30 (8.0, 8.1, 8.2 P1, 8.3 P1, 8.4 P1 P2 P3)**
Xper IM*,**
IEM (v11.00, v11.01, v11.02, v11.03, v11.04)**
MicroDose SI L50 (9.0 P1, P2, P3, P4, P5)**
IntelliSpace Breast (v2.1, 2.2, 3.1, 3.2)
MicroDose SI U L50 U (9.0 P1, P2, P3, P4, P5)**
Intellispace Cardiovascular (ISCV)*,****
MR** Intera/Achieva/Ingenia/Multiva/Panorama 1.0T/Prodiva R5.3

*Software only products with customer owned Operating Systems

**Information or patch available in Incenter

***Philips hosting business validated and deployed the patch to the managed infrastructure

****Patch is tested and can be installed via the windows update mechanism
 

Note:
For customers who utilize the Remote Services Network (RSN, PRS), all Philips RSN systems are fully protected against this vulnerability and customers are advised not to disconnect the PRS as it may impact Philips service teams from providing any required immediate and proactive support such as remote patching.

Philips is continuing to assess the Microsoft patch for Philips’ products and services that use remote desktop services. Philips will use Incenter as the communication mechanism for necessary mitigation or remediation.
 

End Update G
 

Begin Update F: December 10, 2019
 

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to CVE-2019-0708. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

Analytics 1.1
IntelliSpace Breast (v2.1, 2.2, 3.1, 3.2)
MicroDose SI U L50 U (9.0 P1, P2, P3, P4, P5)**
CompuRecord (F.02, G.00, and G.01)*
Intellispace Cardiovascular (ISCV)*,****
MR**
Intera/Achieva/Ingenia/Multiva/Panorama 1.0T/Prodiva R5.3
Diagnostics Authoring Workspot (DAW)**
IntelliSpace ECG Management System B.00 (IECG)*, **
Oncad
Diagnostics Site Server (DSS)
IntelliSpace PACS (4.4, 4.4.551, 4.4.553)***
PIIC Classic (L, M, N, N.01)**
DynaCAD Breast and Prostate*
IntelliSpace Perinatal Revision (H, J, K)*,**
PIIC iX (A.0, B.0, B.02)**
DynaSuite Neuro 3*
IntelliSpace Portal (ISP) Server& Workstation**
SensaVue HD & FMRI
Efficia Central - SureSigns Monitor / CMS200
IntelliVue Guardian Software*,**
ST80i A.02*,**
eICU*,**
Invivo Esys
UDM (v1.1, 2.1)***
Extended Brilliance Workspace (EBW)**
ISEE**
UroNav (1.x/2.x)
Forcare suite*
ISP Anywhere (v1.3)
Xcelera 4.1*
Holter Recorder DigiTrak XT (DTXT) *
ISP VL Caputre 1.1 Visible Light (v1.1)
XIRIS (8.2, 8.3)
IBE (B.02, B.03, B.04, B.05, B.06, B.07, B.08, B.09,  B.10)**
Juno DRF (5.0-.6, 5.7)**
Xper IM*,**
ICCA (F, G)*,**
Lung Cancer Screening Solution*
IDM
MicroDose L30 (8.0, 8.1, 8.2 P1, 8.3 P1, 8.4 P1 P2 P3)**
IEM (v11.00, v11.01, v11.02, v11.03, v11.04)**
MicroDose SI L50 (9.0 P1, P2, P3, P4, P5)**

*Software only products with customer owned Operating Systems

**Information or patch available in Incenter

***Philips hosting business validated and deployed the patch to the managed infrastructure

****Patch is tested and can be installed via the windows update mechanism

 

Note:
For customers who utilize the Remote Services Network (RSN, PRS), all Philips RSN systems are fully protected against this vulnerability and customers are advised not to disconnect the PRS as it may impact Philips service teams from providing any required immediate and proactive support such as remote patching.

Philips is continuing to assess the Microsoft patch for Philips’ products and services that use remote desktop services. Philips will use Incenter as the communication mechanism for necessary mitigation or remediation.

 

End Update F

 

Begin Update E: September 11, 2019

 

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to CVE-2019-0708. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

Analytics 1.1
IntelliSpace Breast (v2.1, 2.2, 3.1, 3.2)
MicroDose SI L50 (9.0 P1, P2, P3, P4, P5)
CompuRecord (F.02, G.00, and G.01)*
Intellispace Cardiovascular (ISCV)*
MicroDose SI U L50 U (9.0 P1, P2, P3, P4, P5)
Diagnostics Authoring Workspot (DAW)**
IntelliSpace ECG Management System B.00 (IECG)*, **
MR Intera/Achieva/Ingenia/Multiva/Prodiva R5.3
Diagnostics Site Server (DSS)
IntelliSpace PACS (4.4, 4.4.551, 4.4.553)
PIIC Classic (L, M, N, N.01)**
Efficia Central - SureSigns Monitor / CMS200
IntelliSpace Perinatal Revision (H, J, K)*,**
PIIC iX (A.0, B.0, B.02)**
eICU*,**
IntelliSpace Portal (ISP) Server& Workstation**
ST80i A.02*,**
Extended Brilliance Workspace (EBW)**
IntelliVue Guardian Software*
UDM (v1.1, 2.1)
Forcare suite*
ISEE
Xcelera 4.1*
Holter Recorder DigiTrak XT (DTXT) *
ISP Anywhere (v1.3)
XIRIS (8.2, 8.3)
IBE (B.02, B.03, B.04, B.05, B.06, B.07, B.08, B.09,  B.10)**
ISP VL Caputre 1.1 Visible Light (v1.1)
Xper IM*
ICCA (F, G)**
Juno DRF (5.0-.6, 5.7)
IEM (v11.00, v11.01, v11.02, v11.03, v11.04)**
MicroDose L30 (8.0, 8.1, 8.2 P1, 8.3 P1, 8.4 P1 P2 P3)

*Software only products with customer owned Operating Systems

**Information or patch available in Incenter

 

Note:
For customers who utilize the Remote Services Network (RSN, PRS), all Philips RSN systems are fully protected against this vulnerability and customers are advised not to disconnect the PRS as it may impact Philips service teams from providing any required immediate and proactive support such as remote patching.

Philips is continuing to assess the Microsoft patch for Philips’ products and services that use remote desktop services. Philips will use Incenter as the communication mechanism for necessary mitigation or remediation.

 

End Update E

 

Begin Update D: August 15, 2019

 

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to CVE-2019-0708. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

CompuRecord (F.02, G.00, and G.01)*
IBE (B.02, B.03, B.04, B.05, B.06, B.07, B.08, B.09,  B.10)**
IntelliSpace Portal (ISP) Server& Workstation**
Diagnostics Authoring Workspot (DAW)**
ICCA (F, G)**
IntelliVue Guardian Software*
Efficia Central - SureSigns Monitor / CMS200
IEM (v11.00, v11.01, v11.02, v11.03, v11.04)**
MR Intera/Achieva/Ingenia/Multiva/Prodiva R5.3
eICU*,**
IntelliSpace Breast

PIIC Classic (L, M, N, N.01)**

PIIC iX (A.0, B.0, B.02)**

Extended Brilliance Workspace (EBW)**
Intellispace Cardiovascular (ISCV)*
ST80i A.02*,**
Forcare suite*
IntelliSpace ECG Management System B.00 (IECG)*, **
Xcelera 4.1*
Holter Recorder DigiTrak XT (DTXT) *
IntelliSpace Perinatal Revision (H, J, K)*,**
Xper IM*

*Software only products with customer owned Operating Systems

 

**Information or patch available in Incenter

 

Note:


For customers who utilize the Remote Services Network (RSN, PRS), all Philips RSN systems are fully protected against this vulnerability and customers are advised not to disconnect the PRS as it may impact Philips service teams from providing any required immediate and proactive support such as remote patching.

Philips is continuing to assess the Microsoft patch for Philips’ products and services that use remote desktop services. Philips will use Incenter as the communication mechanism for necessary mitigation or remediation.

 

End Update D

 

Begin Update C: June 30, 2019

 

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to CVE-2019-0708. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

CompuRecord (F.02, G.00, and G.01)*
IBE (B.02, B.03, B.04, B.05, B.06, B.07, B.08, B.09,  B.10)**
IntelliSpace Portal (ISP) Server& Workstation**
DAW**
ICCA (F, G)**
IntelliVue Guardian Software*
Efficia Central - SureSigns Monitor / CMS200
IEM (v11.00, v11.01, v11.02, v11.03, v11.04)**
MR Intera/Achieva/Ingenia/Multiva/Prodiva R5.3
eICU*
IntelliSpace Breast
PIIC Classic (L, M, N, N.01)
Extended Brilliance Workspace (EBW)**
Intellispace Cardiovascular (ISCV)*
ST80i A.02
Forcare suite*
IntelliSpace ECG Management System B.00 (IECG)*
Xcelera 4.1*
Holter Recorder DigiTrak XT (DTXT) *
IntelliSpace Perinatal Revision (F, J.x)*
Xper IM*

*Software only products with customer owned Operating Systems

 

**Information or patch available in Incenter

 

Note:


For customers who utilize the Remote Services Network (RSN, PRS), all Philips RSN systems are fully protected against this vulnerability and customers are advised not to disconnect the PRS as it may impact Philips service teams from providing any required immediate and proactive support such as remote patching.

 

Philips is continuing to assess the Microsoft patch for Philips’ products and services that use remote desktop services. Philips will use Incenter as the communication mechanism for necessary mitigation or remediation.

 

End Update C

 

Begin Update B: June 7, 2019

 

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products vulnerable to CVE-2019-0708. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

CompuRecord (F.02, G.00, and G.01)*
IBE (B.02, B.03, B.04, B.05, B.06, B.07, B.08, B.09,  B.10)**
IntelliSpace Portal (ISP) Server& Workstation**
DAW**
ICCA (F, G)**
IntelliVue Guardian Software*
Efficia Central - SureSigns Monitor / CMS200
IEM (v11.00, v11.01, v11.02, v11.03, v11.04)**
PIIC Classic (L, M, N, N.01)
eICU*
IntelliSpace Breast
ST80i A.02
Extended Brilliance Workspace (EBW)**
Intellispace Cardiovascular (ISCV)*
Xcelera 4.1*
Forcare suite*
IntelliSpace ECG Management System B.00 (IECG)*
Xper IM*
Holter Recorder DigiTrak XT (DTXT) *
IntelliSpace Perinatal Revision (F, J.x)*

*Software only products with customer owned Operating Systems

 

**Information or patch available in Incenter

 

Note:


For customers who utilize the Remote Services Network (RSN, PRS), all Philips RSN systems are fully protected against this vulnerability and customers are advised not to disconnect the PRS as it may impact Philips service teams from providing any required immediate and proactive support such as remote patching.

 

Philips is continuing to assess the Microsoft patch for Philips’ products and services that use remote desktop services. Philips will use Incenter as the communication mechanism for necessary mitigation or remediation.

 

End Update B

 

Begin Update A: May 22, 2019

 

Philips is providing the list below in order to better assist our customers in identifying any Philips’ products running Windows XP, Windows 7, Windows 2003 and Windows 2008. However, the list below is not comprehensive and may be updated as necessary if more products are identified. It does not indicate the patch or device status.

CompuRecord (F.02, G.00, and G.01)
Efficia Central - SureSigns Monitor / CMS200
eICU
Holter Recorder DigiTrak XT (DTXT) 
IBE (B.02, B.03, B.04, B.05, B.06, B.07, B.08, B.09,  B.10)
ICCA (F, G)
IEM (v11.00, v11.01, v11.02, v11.03, v11.04)
IntelliSpace ECG Management System B.00 (IECG)
IntelliSpace Perinatal Revision (F, J.x)
IntelliVue Guardian Software
ST80i A.02

Note:


For customers who utilize the Remote Services Network (RSN, PRS), all Philips RSN systems are fully protected against this vulnerability and customers are advised not to disconnect the PRS as it may impact Philips service teams from providing any required immediate and proactive support such as remote patching.

 

Philips is continuing to assess the Microsoft patch for Philips’ products and services that use remote desktop services. Philips will use Incenter as the communication mechanism for necessary mitigation or remediation.

 

End Update A

 

Philips is currently monitoring developments and updates related to the recent Microsoft alert concerning the reported Remote Desktop Services Remote Code Execution vulnerability (CVE-2019-0708).

 

As part of the company’s product security policy and protocols, Philips’ teams are evaluating Philips’ products and solutions utilizing Microsoft Operating Systems for potential impacts from these reported vulnerabilities and validating actions. Philips is also monitoring for OS updates related to these vulnerabilities and evaluating further actions or updates to potentially affected Philips products.

 

Microsoft has released patches to help remediate these vulnerabilities. Philips is currently in the process of evaluating these patches.

Successful exploitation of this vulnerability could allow an unauthorized user to execute arbitrary code on the target system. An unauthorized user could then install programs; view, change, or delete data; or create new accounts with full user rights.

 

Philips is committed to ensuring the safety, security, integrity, and regulatory compliance of our products to be deployed and to operate within Philips approved product specifications. Therefore, in accordance with Philips policy and regulatory requirements, all changes of configuration or software to Philips’ products (including operating system security updates and patches) may be implemented only in accordance with Philips product-specific, verified & validated, authorized, and communicated customer procedures or field actions.

 

If a product does require operating system security updates, configuration changes, or other actions to be taken by our customer or by Philips Customer Services, product-specific service documentation is produced by Philips product teams and made available to Philips service delivery platforms such as the Philips InCenter Customer Portal. Once posted by Philips product teams, all of these materials are accessible to contract-entitled customers, licensed representatives, and Philips Customer Service teams.

 

Contract-entitled customers may use Philips InCenter and are encouraged to request Philips InCenter access and reference product-specific information posted. If customers still have questions, all customers (contract-entitled or otherwise)  are encouraged to contact their local service support team or regional product service support as appropriate for up to date information specific to their Philips’ products.