Thursday, August 23, 2018

ICS-CERT Publishes BD Advisory

Today the DHS ICS-CERT published a medical device security advisory for BD Alaris syringe pumps. The advisory describes an improper authentication vulnerability. The vulnerability was reported by Elad Luz of CyberMDX. BD has identified work arounds and there is no indication that BD intends to further mitigate this vulnerability.

ICS-CERT reports that a relatively low-skilled attacker could remotely exploit the vulnerability  to gain unauthorized access to various Alaris Syringe pumps and impact the intended operation of the pump when it is connected to a terminal server via the serial port.

No comments:

/* Use this with templates/template-twocol.html */