Rapid7 Flags Multiple Flaws in Sigma Spectrum Infusion Pumps

Security researchers at Rapid7 are warning about multiple security vulnerabilities impacting Baxter’s Sigma Spectrum infusion pumps, including issues that could lead to the leakage of credentials.

In an advisory published Thursday, Rapid7 called attention to five vulnerabilities found in Sigma Spectrum infusion pumps and the Sigma WiFi batteries.

The Sigma Spectrum infusion pumps have been designed so that, when powered up after a WiFi battery is connected, unencrypted data is sent to the battery via universal asynchronous receiver-transmitter (UART).

Because of that, the transmitted data is potentially at risk of compromise by attackers with access to the infusion pumps, who could either place a communication shim between the units to capture the data, or could use their own battery to exfiltrate data.

The first block of transmitted data contains the WiFi configuration information, which is then stored in the battery’s non-volatile memory. An attacker able to attach their own battery to a pump could then extract from the unit credentials that allow them to access an organization’s WiFi network.

Tracked as CVE-2022-26390, the flaw could also result in credential leaks if the battery’s non-volatile memory is not overwritten before the unit is decommissioned, Rapid7 explained.

“When the devices are de-acquisitioned and no efforts are made to overwrite the stored data, anyone acquiring these devices on the secondary market could gain access to critical WiFi credentials of the organization that de-acquisitioned the devices,” the company said.

Rapid7 also discovered a format string vulnerability impacting the ‘hostmessage’ command of a telnet session on the Sigma WiFi battery (CVE-2022-26392). If `settrace state=on` is enabled, an attacker could view the output from the vulnerability by entering a specific command during a telnet session.

Another format string vulnerability on the WiFi battery can be triggered by setting up a WiFi access point with an SSID containing format string specifiers, and then sending a `get_wifi_location (20)` command to the infusion pump via XML, at specific ports.

Tracked as CVE-2022-26393, the vulnerability is triggered when the device processes the SSID name of the access point. An attacker within radio range could exploit the issue to potentially read and write arbitrary memory, or, at a minimum, to cause a denial of service (DoS) condition.
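
The bug class described above, as an added C example that is not taken from Rapid7's advisory or from Baxter's firmware: it contrasts using a received SSID as the format string with escaping it and passing it only as an argument to a constant format. The function names, the trace message text and the `SHOW_VULNERABLE_PATTERN` switch are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define SSID_MAX 32 /* 802.11 SSID: 0..32 octets, any byte value, no NUL terminator */

#ifdef SHOW_VULNERABLE_PATTERN
/* Hypothetical vulnerable form, compiled out by default: the SSID, which any
 * access point in radio range chooses, is itself the format string, so
 * conversion specifiers inside it are interpreted by snprintf(). */
int trace_ssid_vulnerable(char *out, size_t outlen, const char *ssid)
{
    return snprintf(out, outlen, ssid);
}
#endif

/* Escape an SSID into printable ASCII. Bytes outside 0x20..0x7e, plus '%' and
 * the backslash, become \xNN so the result stays inert if a later stage
 * reuses it. Returns the escaped length, or -1 if len > 32 or dst is too small. */
int ssid_escape(char *dst, size_t dstlen, const unsigned char *ssid, size_t len)
{
    size_t o = 0;
    if (len > SSID_MAX || dstlen == 0)
        return -1;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = ssid[i];
        int plain = c >= 0x20 && c <= 0x7e && c != '%' && c != '\\';
        size_t need = plain ? 1 : 4;
        if (o + need >= dstlen) /* always keep room for the NUL */
            return -1;
        if (plain)
            dst[o++] = (char)c;
        else
            o += (size_t)snprintf(dst + o, dstlen - o, "\\x%02x", c);
    }
    dst[o] = '\0';
    return (int)o;
}

/* Hardened form: constant format string, SSID supplied only as an argument. */
int trace_ssid_safe(char *out, size_t outlen, const unsigned char *ssid, size_t len)
{
    char shown[SSID_MAX * 4 + 1];
    if (ssid_escape(shown, sizeof shown, ssid, len) < 0)
        return -1;
    return snprintf(out, outlen, "wifi: ssid=\"%s\" len=%zu", shown, len);
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang warn on the non-literal format string in the first function when it is enabled.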

Rapid7 also warned that the Sigma GW IP address could be changed remotely on all tested WiFi battery units, without authentication (CVE-2022-26394). The SIGMA GW is used for setting the back-end communication services for the device.

An attacker could exploit this vulnerability by sending an XML command 15 to TCP or UDP port 51243, allowing them to eavesdrop on all communications initiated by the infusion pump in a man-in-the-middle (MitM) attack.

Organizations are advised to restrict physical access to the infusion pumps or Wi-Fi battery units, as well as to plug batteries into a unit with invalid or blank credentials to overwrite their non-volatile memory and prevent credential leaks.

In addition, organizations should restrict access to the network segments to which the infusion pumps are connected, as well as monitor network traffic for unauthorized communication over TCP and UDP port 51243 to infusion pumps.

Baxter manufactures and markets a variety of healthcare and pharmaceutical products, including infusion systems. The company’s Sigma Spectrum infusion pumps are TCP/IP-enabled devices commonly used in healthcare facilities to administer medication and nutrition to patients.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
