CVE-2017-9656

9.1 CRITICAL

📋 TL;DR

This vulnerability in Philips DoseWise Portal allows attackers with system access to discover hard-coded database credentials, potentially gaining full control over the medical database containing protected health information (PHI). It affects healthcare organizations using vulnerable versions of the DoseWise Portal application.

💻 Affected Systems

Products:
  • Philips DoseWise Portal
Versions: 1.1.7.333 and 2.1.1.3069
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the backend database configuration with hard-coded credentials that cannot be changed by administrators.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the medical database containing PHI, allowing unauthorized access, modification, or deletion of sensitive patient data, potentially affecting patient care and violating HIPAA regulations.

🟠 Likely Case

Unauthorized access to PHI by internal actors or attackers who have gained initial access to the system, leading to data breaches and regulatory violations.

🟢 If Mitigated

Limited impact due to proper network segmentation, access controls, and monitoring preventing attackers from reaching the backend system files containing credentials.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires elevated privileges to access backend system files first, then using discovered credentials to access the database.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 1.1.7.333 and 2.1.1.3069

Vendor Advisory: http://www.philips.com/productsecurity

Restart Required: Yes

Instructions:

1. Contact Philips support for updated versions.
2. Apply the security update provided by Philips.
3. Restart the DoseWise Portal application and verify functionality.

🔧 Temporary Workarounds

Restrict Access to Backend Systems

all

Implement strict access controls to prevent unauthorized users from accessing the web application backend system files.

Network Segmentation

all

Isolate the DoseWise Portal database server from other network segments to limit attack surface.

🧯 If You Can't Patch

  • Implement strict least-privilege access controls to the DoseWise Portal system
  • Monitor database access logs for unusual activity and implement database activity monitoring

🔍 How to Verify

Check if Vulnerable:

Check the DoseWise Portal version in the application interface or configuration files. If the version is 1.1.7.333 or 2.1.1.3069, the system is vulnerable.

Check Version:

Check the application interface or consult Philips documentation for the version verification method.

Verify Fix Applied:

Verify the application version has been updated to a version later than the vulnerable releases and test database connectivity with new credentials.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database access patterns
  • Failed authentication attempts followed by successful access
  • Access to backend configuration files

Network Indicators:

  • Unexpected database connections from unauthorized systems
  • Database traffic from web application servers to unusual destinations

SIEM Query:

source="dosewise" AND (event_type="database_access" OR file_access="*config*" OR file_access="*credential*")
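
The log and network indicators above can be combined into one check over database authentication events. This is an added example, not code from Philips or from the source of this page; the log format, field names, addresses and account name are constructed, and the allowlist is an assumption about which host legitimately connects to the database.

```python
from datetime import datetime, timedelta

# Constructed sample events in a generic format (not DoseWise Portal's own log schema).
SAMPLE_LOG = """\
2017-08-17T02:10:01 src=10.0.5.20 user=portal_svc result=success
2017-08-17T02:14:07 src=10.0.9.77 user=portal_svc result=fail
2017-08-17T02:14:09 src=10.0.9.77 user=portal_svc result=fail
2017-08-17T02:14:30 src=10.0.9.77 user=portal_svc result=fail
2017-08-17T02:15:02 src=10.0.9.77 user=portal_svc result=success
2017-08-17T03:00:00 src=10.0.5.20 user=portal_svc result=success
2017-08-17T04:30:00 src=10.0.7.15 user=portal_svc result=success
"""

ALLOWED_SOURCES = {"10.0.5.20"}  # assumption: the portal's application server
FAIL_THRESHOLD = 3               # failures before a success that raise an alert
WINDOW = timedelta(minutes=5)    # how far back failures are counted

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a datetime under 'ts'."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def detect(log_text, allowed=ALLOWED_SOURCES):
    """Return (kind, source, timestamp) alerts for the two indicators."""
    alerts, recent_fails, flagged = [], {}, set()
    for line in filter(str.strip, log_text.splitlines()):
        e = parse(line)
        key = (e["src"], e["user"])
        # Network indicator: a database client outside the allowlist.
        # A hard-coded credential works on the first try, so this rule
        # fires even when there are no failed attempts at all.
        if e["src"] not in allowed and e["src"] not in flagged:
            flagged.add(e["src"])
            alerts.append(("unauthorized_source", e["src"], e["ts"]))
        if e["result"] == "fail":
            recent_fails.setdefault(key, []).append(e["ts"])
        elif e["result"] == "success":
            # Log indicator: failures followed by a success in the window.
            fails = [t for t in recent_fails.pop(key, []) if e["ts"] - t <= WINDOW]
            if len(fails) >= FAIL_THRESHOLD:
                alerts.append(("fail_then_success", e["src"], e["ts"]))
    return alerts

if __name__ == "__main__":
    for kind, src, ts in detect(SAMPLE_LOG):
        print(ts.isoformat(), kind, src)
```
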
