Ethical Hacking News Hubb
Advertisement Banner
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact
No Result
View All Result
Wellnessnewshubb
No Result
View All Result
Home Ethical Hackers

New Vulnerabilities Reported in Baxter’s Internet-Connected Infusion Pumps

admin by admin
September 8, 2022
in Ethical Hackers


Multiple security vulnerabilities have been disclosed in Baxter’s internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients.

“Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a coordinated advisory.

Infusion pumps are internet-enabled devices used by hospitals to deliver medication and nutrition directly into a patient’s circulatory system.

The four vulnerabilities in question, discovered by cybersecurity firm Rapid7 and reported to Baxter in April 2022, affect the following Sigma Spectrum Infusion systems –

  • Sigma Spectrum v6.x model 35700BAX
  • Sigma Spectrum v8.x model 35700BAX2
  • Baxter Spectrum IQ (v9.x) model 35700BAX3
  • Sigma Spectrum LVP v6.x Wireless Battery Modules v16, v16D38, v17, v17D19, v20D29 to v20D32, and v22D24 to v22D28
  • Sigma Spectrum LVP v8.x Wireless Battery Modules v17, v17D19, v20D29 to v20D32, and v22D24 to v22D28
  • Baxter Spectrum IQ LVP (v9.x) with Wireless Battery Modules v22D19 to v22D28
CyberSecurity

The list of flaws uncovered is below –

  • CVE-2022-26390 (CVSS score: 4.2) – Storage of network credentials and patient health information (PHI) in unencrypted format
  • CVE-2022-26392 (CVSS score: 2.1) – A format string vulnerability when running a Telnet session
  • CVE-2022-26393 (CVSS score: 5.0) – A format string vulnerability when processing Wi-Fi SSID information, and
  • CVE-2022-26394 (CVSS score: 5.5) – Missing mutual authentication with the gateway server host

Successful exploitation of the above vulnerabilities could cause a remote denial-of-service (DoS), or enable an attacker with physical access to the device to extract sensitive information or alternatively carry out adversary-in-the-middle attacks.

The vulnerabilities could further result in a “loss of critical Wi-Fi password data, which could lead to greater network access should the network not be properly segmented,” Deral Heiland, principal security researcher for IoT at Rapid7, told The Hacker News.

Baxter, in an advisory, emphasized that the issues only affect customers who use the wireless capabilities of the Spectrum Infusion System, but also cautioned it could lead to a delay or interruption of therapy should the flaws be weaponized.

“If exploited, the vulnerabilities could result in disruption of [Wireless Battery Module] operation, disconnection of the WBM from the wireless network, alteration of the WBM’s configuration, or exposure of data stored on the WBM,” the company said.

CyberSecurity

The latest findings are yet another indication of how common software vulnerabilities continue to plague the medical industry, a concerning development given their potential implications affecting patient care.

That said, this is not the first time security flaws in infusion pumps have come under the scanner. Earlier this March, Palo Alto Networks Unit 42 disclosed that an overwhelming majority of infusion pumps were exposed to nearly 40 known vulnerabilities, highlighting the need to secure healthcare systems from security threats.

Baxter is recommending customers to ensure that all data and settings are erased from decommissioned pumps, place infusion systems behind a firewall, enforce network segmentation, and use strong wireless network security protocols to prevent unauthorized access.

It’s crucial to “implement processes and procedures to manage the de-acquisition of medical technology, [and] to assure that PII and/or configuration data such as Wi-Fi, WPA, PSK, etc., are purged from the devices prior to resale or transfer to another party,” Heiland said.

“Maintain strong physical security within and around medical areas containing MedTech devices, as well as areas with access to a biomed network. Implement network segmentation for all biomed networks to prevent other general or business networks from communicating with MedTech devices.”





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

A Python Script To Automatically Coerce A Windows Server To Authenticate On An Arbitrary Machine Through 9 Methods

Next Post

How to watch Vampire Academy Season 1 online

Next Post

How to watch Vampire Academy Season 1 online

Recommended

Malware Attack on CircleCI Engineer’s Laptop Leads to Recent Security Incident

2 weeks ago

A Simple Tool To Audit Your AWS Infrastructure For Misconfiguration Or Potential Security Issues With Plugins Integration

3 weeks ago

© 2022 Ethical Hacking News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Ethical Hackers
  • Contact

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Ethical Hackers
  • Contact

© 2022 Ethical Hacking News Hubb All rights reserved.