Today the DHS ICS-CERT published a medical device security advisory for
BD Alaris syringe pumps. The advisory describes an improper authentication
vulnerability. The vulnerability was reported by Elad Luz of CyberMDX. BD has
identified work arounds and there is no indication that BD intends to further
mitigate this vulnerability.
ICS-CERT reports that a relatively low-skilled attacker
could remotely exploit the vulnerability to gain unauthorized access to various Alaris
Syringe pumps and impact the intended operation of the pump when it is
connected to a terminal server via the serial port.
Posts
No comments:
Post a Comment