This week we have one vendor disclosure from ABB, two
updates of previously published advisories from GE Healthcare and BD and two researcher
exploits for products from FANUC Robotics.
ABB Advisory
ABB has published an
advisory describing an authentication bypass vulnerability in the ABB CCLAS
and
Ellipse applications. The vulnerability is self-reported.
ABB has new versions that mitigate the vulnerability.
GE Healthcare Update
GE Healthcare has updated an
advisory that was originally
published on July 9th, 2019. The new information expands the list
of affected products.
BD Update
BD has updated
an advisory that was originally published on November 1st, 2016
(this has not been reported by NCCIC-ICS). BD notes:
“As a result, BD has issued this
updated security bulletin to remind customers, hospital biomedical engineering,
and rental companies that Service Bulletin 597 must be followed to remove
residual data on the PCU prior to re-deployment or during decommissioning. BD
has carefully reviewed the misdirected data, and determined that it is
de-identified based on a statistical expert opinion, and therefore, not
protected health information. In addition, BD conducted a risk assessment using
the HIPAA 4-factor test and concluded there was a low probability of compromise
of such data.”
FANUC Robotics Exploits
Sebastian Hamann has published exploits for two
vulnerabilities in the FANUC Robotics Virtual Robot Controller. Hamann has not
received any response from FANUC concerning these vulnerabilities.
The reported two vulnerabilities (links provided to Hamann’s
exploit reports) are:
Posts
No comments:
Post a Comment