CVE-2017-9657

Name of the Vulnerable Software and Affected Versions Philips IntelliVue MX40 Version B.06.18

Description The issue occurs under specific 802.11 network conditions, where a partial re-association of the Philips IntelliVue MX40 WLAN monitor to the central monitoring station is possible. This can lead to a situation where the central monitoring station indicates the MX40 is not connected, but the MX40 WLAN itself remains in telemetry mode. As a result, if a patient experiences an alarm event, a delay of treatment can occur because clinical staff may expect local alarming from the MX40 when it is not available.

Recommendations For Philips IntelliVue MX40 Version B.06.18, apply the software update released by Philips to fix the issue and implement mitigations. The update includes messaging and alarming on the MX40 and at the central monitoring station when the MX40 disconnects from the access point.