SecurityWeek

Siemens Medical Products Affected by Wormable Windows Flaw

Several products made by Siemens Healthineers, a Siemens company that specializes in medical technology, are affected by a recently patched Windows vulnerability tracked as CVE-2019-0708 and known as BlueKeep.

The vulnerability affects Windows Remote Desktop Services (RDS) and was fixed by Microsoft in its May 2019 Patch Tuesday updates. The flaw has been described as wormable: malware can leverage it to spread in much the same way the notorious WannaCry ransomware did in 2017 through the EternalBlue exploit.

It allows an unauthenticated attacker to execute code and take control of a device without any user interaction by sending specially crafted requests to the targeted machine’s RDS via the Remote Desktop Protocol (RDP).

Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Windows 7 and Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA). The threat can also be mitigated by blocking TCP port 3389 at the perimeter firewall.

Experts have warned that the flaw poses a serious risk to organizations, including industrial environments, and the risk of exploitation has increased now that several researchers and cybersecurity companies have reported developing PoC exploits.

Shortly after Microsoft released patches, Siemens informed customers that it had launched an investigation into the impact of CVE-2019-0708 on its Healthineers products. The company has now published six security advisories describing the impact of the flaw on its products and the steps customers need to take to mitigate the risks.

Siemens has pointed out that “the exploitability of the vulnerability depends on the specific configuration and deployment environment of each product.”

In the case of impacted Healthineers software products, the company has advised users to install the patches from Microsoft. Impacted software includes MagicLinkA, MagicView, Medicalis, Screening Navigator, syngo and teamplay.

For impacted advanced therapy products the company recommends disabling RDP, blocking TCP port 3389, and implementing other workarounds and mitigations suggested by Microsoft. Impacted products include System ACOM, Sensis and VM SIS Virtual Server.

Users of Siemens Healthineers’ Lantis radiation oncology products have been advised to disable RDP or close port 3389.

In the case of laboratory diagnostics products, Siemens says a majority are not affected. For those that are impacted, the company has promised to release patches and provide information for increasing system security. Impacted products include Atellica, Aptio, StreamLab, CentraLink, syngo, Viva, BCS XP, BN ProSpec, and CS.

Axiom, Mobilett, Multix, and Vertix radiography and mobile X-ray products are also affected by the BlueKeep vulnerability and Siemens has advised customers to contact their regional support center.

Finally, Siemens informed users of AUWi and Rapid Point point-of-care products that no immediate action is required and that patches should become available sometime in June. In the meantime, the same mitigations and workarounds can be applied to prevent potential attacks.
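
The host-side mitigations mentioned above (requiring NLA on Windows 7 and Server 2008, or disabling RDP) correspond to standard Terminal Server registry values. The PowerShell below is an added example, not code from the Siemens or Microsoft advisories; the function names are hypothetical, and it assumes an elevated prompt on a system whose product advisory permits the change. The perimeter block on TCP port 3389 is configured on the network firewall and is not shown.

```powershell
# Added example: audit and apply the RDP mitigations named in the article.
# Written to run on PowerShell 2.0 (the version shipped with Windows 7 / Server 2008 R2).
$TsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$RdpKey = "$TsKey\WinStations\RDP-Tcp"

function Get-RdpExposure {
    # Read-only report of the settings that decide whether the RDP
    # listener is reachable without authentication.
    $ts  = Get-ItemProperty -Path $TsKey
    $rdp = Get-ItemProperty -Path $RdpKey
    New-Object PSObject -Property @{
        ComputerName = $env:COMPUTERNAME
        # fDenyTSConnections: 0 = RDP connections allowed, 1 = RDP disabled
        RdpEnabled   = ($ts.fDenyTSConnections -eq 0)
        # UserAuthentication: 1 = NLA required; a missing value counts as not required
        NlaRequired  = ($rdp.UserAuthentication -eq 1)
        # PortNumber: 3389 unless the listener was moved
        ListenPort   = $rdp.PortNumber
    }
}

function Enable-RdpNla {
    # Require Network Level Authentication before a session is set up.
    Set-ItemProperty -Path $RdpKey -Name UserAuthentication -Value 1
}

function Disable-Rdp {
    # Turn the RDP listener off entirely.
    Set-ItemProperty -Path $TsKey -Name fDenyTSConnections -Value 1
}

# Report the current state first; apply one mitigation only where needed.
$state = Get-RdpExposure
$state | Format-List

if ($state.RdpEnabled -and -not $state.NlaRequired) {
    Write-Warning "RDP is enabled without NLA on port $($state.ListenPort)."
    # Uncomment exactly one of the following after checking the product advisory:
    # Enable-RdpNla
    # Disable-Rdp
}
```

Running `Get-RdpExposure` again after a change confirms that the registry now reflects the intended setting.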

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
