Thursday, October 19, 2017

ICS-CERT Publishes 2 Advisories and 1 Update

Today the DHS ICS-CERT published one medical control system security advisory for a product from Boston Scientific. Additionally, they published an industrial control system advisory for a product from SpiderControl. They also updated a medical control system advisory for a product from Becton, Dickinson and Company.

Boston Scientific Advisory

This advisory describes two vulnerabilities for the Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM). The vulnerabilities were reported by Jonathan Butts and Billy Rios of Whitescope. Boston Scientific has provided mitigating controls. ICS-CERT reports that Boston Scientific will not be fixing the vulnerabilities.

The two reported vulnerabilities are:

• Use of hard-coded cryptographic key - CVE-2017-14014; and
• Missing encryption of sensitive data - CVE-2017-14012

ICS-CERT reports that an uncharacterized attacker with physical access to the device could exploit these vulnerabilities to obtain patient health information (PHI).

SpiderControl Advisory

This advisory describes an uncontrolled search path element vulnerability in the SpiderControl MicroBrowser, a touch panel operating system. The vulnerability was reported by Karn Ganeshen. SpiderControl has provided a new version that mitigates the vulnerability. There is no indication that Ganeshen has been provided an opportunity to verify the efficacy of the fix.

ICS-CERT reports that a relatively low skilled attacker could remotely exploit the vulnerability to execute arbitrary code on the target system.

BD Update

This update provides additional information on an advisory that was originally published on February 7th, 2017. The updated information includes:

• The identification of “Researchers at Zingbox” as being involved in the reporting of the vulnerabilities;
• The expansion of the impact statement to include the ability to “compromise the confidentiality, integrity, and availability of the device”;
• The information that an internal removeable flash drive which in some versions provides access to “wireless network authentication credentials and other sensitive technical data on the affected device’s removable flash memories”;
• Updated mitigation measures; and

• A link to the updated BD security bulletin [.PDF download] which provides additional details on the information accessible due to the reported vulnerabilities

No comments:

/* Use this with templates/template-twocol.html */