Colin Mc Hugo

Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

PwnedPiper PTS Security Flaws Threaten 80% of Hospitals in the U.S.

August 2, 2021

Cybersecurity researchers on Monday disclosed a set of nine vulnerabilities collectively known as “PwnedPiper” that left a widely used pneumatic tube system (PTS) vulnerable to critical attacks, including the possibility of a complete takeover.

The security weaknesses, disclosed by American cybersecurity firm Armis, impact the Translogic PTS system by Swisslog Healthcare, which is installed in about 80% of all major hospitals in North America and in no fewer than 3,000 hospitals worldwide.


“These vulnerabilities can allow an unauthenticated attacker to take over Translogic PTS stations and basically achieve full control over the PTS network of a target hospital,” Armis researchers Ben Seri and Barak Hadad said. “This kind of control may allow sophisticated and worrisome ransomware attacks, in addition to permitting attackers to leak sensitive hospital information.”

Pneumatic tube systems are internal logistics and transport solutions that are used to securely transport blood samples in hospital settings to diagnostic laboratories.

Successful exploitation of the issues, therefore, could result in leakage of sensitive information, enable an adversary to manipulate data, and even compromise the PTS network to carry out a man-in-the-middle (MitM) attack and deploy ransomware, thereby effectively halting the operations of the hospital.

The details of the nine PwnedPiper vulnerabilities are listed as follows:

  • CVE-2021-37161 – Underflow in udpRXThread
  • CVE-2021-37162 – Overflow in sccProcessMsg
  • CVE-2021-37163 – Two hardcoded passwords accessible by the Telnet server
  • CVE-2021-37164 – Off-by-three stack overflow in tcpTxThread
  • CVE-2021-37165 – Overflow in hmiProcessMsg
  • CVE-2021-37166 – GUI socket Denial Of Service
  • CVE-2021-37167 – User script run by root can be used for PE
  • CVE-2021-37160 – Unauthenticated, unencrypted, unsigned firmware upgrade

In a nutshell, the flaws, which concern privilege escalation, memory corruption, and denial-of-service, could be abused to gain root access, achieve remote code execution or denial-of-service, and worse, allow an attacker to maintain persistence on compromised PTS stations via an insecure firmware upgrade procedure, leading to unauthenticated remote code execution. It is also worth noting that a patch for CVE-2021-37160 is expected to be shipped at a future date.


“The potential for pneumatic tube stations (where the firmware is deployed) to be compromised depends on a bad actor who has access to the facility’s information technology network and who could cause additional damage by leveraging these exploits,” Swisslog Healthcare said in an independent advisory published today.

Translogic PTS system customers are highly recommended to update to the latest firmware (Nexus Control Panel version to mitigate any potential risk that may arise out of real-world exploitation of the shortcomings.

“This research sheds light on systems that are hidden in plain sight but are nevertheless a crucial building block to modern-day healthcare,” Seri and Hadad said. “Understanding that patient care depends not only on medical devices, but also on the operational infrastructure of a hospital is an important milestone to securing healthcare environments.”
