
Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities

March 3, 2022

An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has found that 75% of those medical devices have security weaknesses that could put them at risk of potential exploitation.

“These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices,” Unit 42 security researcher Aveek Das said in a report published Wednesday.


Palo Alto Networks’ threat intelligence team said it obtained the scans from 7 medical device manufacturers. On top of that, 52.11% of all infusion pumps scanned were susceptible to two known vulnerabilities that were disclosed in 2019 as part of 11 flaws collectively called “URGENT/11” –

  • CVE-2019-12255 (CVSS score: 9.8) – A buffer overflow flaw in the TCP component of Wind River VxWorks
  • CVE-2019-12264 (CVSS score: 7.1) – An issue with incorrect access control in the DHCP client component of Wind River VxWorks

Other notable flaws affecting infusion pumps are listed below –

  • CVE-2016-9355 (CVSS score: 5.3) – An unauthorized user with physical access to an Alaris 8015 Point of Care unit may be able to disassemble the device to access the removable flash memory, allowing read-and-write access to device memory
  • CVE-2016-8375 (CVSS score: 4.9) – A credential management error in Alaris 8015 Point of Care units that could be exploited to obtain unencrypted wireless network authentication credentials and other sensitive technical information
  • CVE-2020-25165 (CVSS score: 7.5) – An improper session authentication vulnerability in Alaris 8015 Point of Care units that could be abused to carry out a denial-of-service attack on the devices
  • CVE-2020-12040 (CVSS score: 9.8) – Cleartext transmission of sensitive information in Sigma Spectrum Infusion System
  • CVE-2020-12047 (CVSS score: 9.8) – Use of hard-coded FTP credentials in Baxter Spectrum WBM
  • CVE-2020-12045 (CVSS score: 9.8) – Use of hard-coded Telnet credentials in Baxter Spectrum WBM
  • CVE-2020-12043 (CVSS score: 9.8) – Baxter Spectrum WBM FTP service remains operational after its expected expiry time until it is rebooted
  • CVE-2020-12041 (CVSS score: 9.8) – Baxter Spectrum Wireless Battery Module (WBM) permits data transmission and command-line interfaces over Telnet

Successful exploitation of the aforementioned vulnerabilities could result in leakage of sensitive information pertaining to patients and allow an attacker to gain unauthorized access to the devices, necessitating that health systems are proactively secured against threats.


Last year, McAfee disclosed security vulnerabilities affecting B. Braun’s Infusomat Space Large Volume Pump and SpaceStation that could be abused by malicious parties to tamper with medication doses without any prior authentication.

The discovery “highlights the need for the healthcare industry to redouble efforts to protect against known vulnerabilities, while diligently following best practices for infusion pumps and hospital networks,” Das said.



Some sections of this post are sourced from:
thehackernews.com
