PwnedPiper PTS Security Flaws Threaten 80% of Hospitals in the U.S.

Cybersecurity researchers on Monday disclosed a set of 9 vulnerabilities known as “PwnedPiper” that left a widely-used pneumatic tube system (PTS) vulnerable to critical attacks, including a possibility of complete takeover.

The security weaknesses, disclosed by American cybersecurity firm Armis, affect the Translogic PTS system by Swisslog Healthcare, which is installed in about 80% of all major hospitals in North America and in no fewer than 3,000 hospitals worldwide.

“These vulnerabilities can allow an unauthenticated attacker to take over Translogic PTS stations and essentially gain full control over the PTS network of a target hospital,” Armis researchers Ben Seri and Barak Hadad said. “This kind of control could enable sophisticated and worrisome ransomware attacks, as well as allow attackers to leak sensitive hospital information.”

Pneumatic tube systems are internal logistics and transport solutions that are used to move blood samples in hospital settings to diagnostic laboratories securely.

Successful exploitation of the issues, therefore, could result in leakage of sensitive information, enable an adversary to manipulate data, and even compromise the PTS network to carry out a man-in-the-middle (MitM) attack and deploy ransomware, thereby effectively halting the operations of the hospital.

The details about the 9 PwnedPiper vulnerabilities are listed as follows:

  • CVE-2021-37161 – Underflow in udpRXThread
  • CVE-2021-37162 – Overflow in sccProcessMsg
  • CVE-2021-37163 – Two hardcoded passwords accessible via the Telnet server
  • CVE-2021-37164 – Off-by-three stack overflow in tcpTxThread
  • CVE-2021-37165 – Overflow in hmiProcessMsg
  • CVE-2021-37166 – GUI socket Denial Of Service
  • CVE-2021-37167 – User script run by root can be used for PE
  • CVE-2021-37160 – Unauthenticated, unencrypted, unsigned firmware upgrade

In a nutshell, the issues, which concern privilege escalation, memory corruption, and denial-of-service, could be abused to gain root access, achieve remote code execution or denial-of-service, and worse, allow an attacker to maintain persistence on compromised PTS stations via an insecure firmware upgrade procedure, leading to unauthenticated remote code execution. It's also worth noting that a patch for CVE-2021-37160 is expected to be shipped at a future date.

“The potential for pneumatic tube stations (where the firmware is deployed) to be compromised depends on a bad actor who has access to the facility’s information technology network and who could cause additional damage by leveraging these exploits,” Swisslog Healthcare said in an independent advisory published today.

Translogic PTS system customers are highly recommended to update to the latest firmware (Nexus Control Panel version to mitigate any potential risk that may arise out of real-world exploitation of the shortcomings.

“This research sheds light on systems that are hidden in plain sight but are nonetheless a crucial building block to modern-day healthcare,” Seri and Hadad said. “Understanding that patient care depends not only on medical devices, but also on the operational infrastructure of a hospital is an important milestone to securing healthcare environments.”