
Report: Nearly 75% of Infusion Pumps Affected by Severe Vulnerabilities

March 3, 2022

An analysis of data crowdsourced from more than 200,000 network-connected infusion pumps used in hospitals and healthcare entities has found that 75% of those medical devices have security weaknesses that could put them at risk of potential exploitation.

“These shortcomings included exposure to one or more of some 40 known cybersecurity vulnerabilities and/or alerts that they had one or more of some 70 other types of known security shortcomings for IoT devices,” Unit 42 security researcher Aveek Das said in a report published Wednesday.

Palo Alto Networks’ threat intelligence team said it obtained the scans from 7 medical device manufacturers. On top of that, 52.11% of all infusion pumps scanned were susceptible to two known vulnerabilities that were disclosed in 2019 as part of 11 flaws collectively called “URGENT/11”:

  • CVE-2019-12255 (CVSS score: 9.8) – A buffer overflow flaw in the TCP component of Wind River VxWorks
  • CVE-2019-12264 (CVSS score: 7.1) – An issue with incorrect access control in the DHCP client component of Wind River VxWorks

Other critical flaws impacting infusion pumps are listed below:

  • CVE-2016-9355 (CVSS score: 5.3) – An unauthorized person with physical access to an Alaris 8015 Point of Care unit might be able to disassemble the device to access the removable flash memory, allowing read-and-write access to device memory
  • CVE-2016-8375 (CVSS score: 4.9) – A credential management error in Alaris 8015 Point of Care units that could be exploited to gain unencrypted wireless network authentication credentials and other sensitive technical data
  • CVE-2020-25165 (CVSS score: 7.5) – An improper session authentication vulnerability in Alaris 8015 Point of Care units that could be abused to perform a denial-of-service attack on the devices
  • CVE-2020-12040 (CVSS score: 9.8) – Cleartext transmission of sensitive information in Sigma Spectrum Infusion System
  • CVE-2020-12047 (CVSS score: 9.8) – Use of hard-coded FTP credentials in Baxter Spectrum WBM
  • CVE-2020-12045 (CVSS score: 9.8) – Use of hard-coded Telnet credentials in Baxter Spectrum WBM
  • CVE-2020-12043 (CVSS score: 9.8) – Baxter Spectrum WBM FTP service remains operational after its expected expiry time until it is rebooted
  • CVE-2020-12041 (CVSS score: 9.8) – Baxter Spectrum Wireless Battery Module (WBM) permits data transmission and command-line interfaces over Telnet

Successful exploitation of the aforementioned vulnerabilities could result in leakage of sensitive information pertaining to patients and allow an attacker to gain unauthorized access to the devices, necessitating that health systems are proactively safeguarded against threats.

Last year, McAfee disclosed security vulnerabilities affecting B. Braun’s Infusomat Space Large Volume Pump and SpaceStation that could be abused by malicious parties to tamper with medication doses without any prior authentication.

The discovery “highlights the need for the healthcare industry to redouble efforts to protect against known vulnerabilities, while diligently following best practices for infusion pumps and hospital networks,” Das said.


Some sections of this post are sourced from:
thehackernews.com
