Several products made by Siemens Healthineers, a Siemens company that specializes in medical technology, are affected by a recently patched Windows vulnerability tracked as CVE-2019-0708 and BlueKeep.
The vulnerability impacts the Windows Remote Desktop Services (RDS) and it was fixed by Microsoft with its May 2019 Patch Tuesday updates. The flaw has been described as wormable and it can be leveraged by malware to spread similar to the way the notorious WannaCry ransomware did back in 2017 through the EternalBlue exploit.
It allows an unauthenticated attacker to execute code and take control of a device without any user interaction by sending specially crafted requests to the targeted machine’s RDS via the Remote Desktop Protocol (RDP).
Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Windows 7 and Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA). The threat can also be mitigated by blocking TCP port 3389 at the perimeter firewall.
Experts have warned that the flaw poses a serious risk to organizations, including industrial environments, and the risk of exploitation has increased after several researchers and cybersecurity companies have reported developing PoC exploits.
Shortly after Microsoft released patches, Siemens informed customers that it had launched an investigation into the impact of CVE-2019-0708 on its Healthineers products. The company has now published six security advisories describing the impact of the flaw on its products and the steps customers need to take to mitigate the risks.
Siemens has pointed out that “the exploitability of the vulnerability depends on the specific configuration and deployment environment of each product.”
In the case of impacted Healthineers software products, the company has advised users to install the patches from Microsoft. Impacted software includes MagicLinkA, MagicView, Medicalis, Screening Navigator, syngo and teamplay.
For impacted advanced therapy products the company recommends disabling RDP, blocking TCP port 3389, and implementing other workarounds and mitigations suggested by Microsoft. Impacted products include System ACOM, Sensis and VM SIS Virtual Server.
Users of Siemens Healthineers’ Lantis radiation oncology products have been advised to disable RDP or close port 3389.
In the case of laboratory diagnostics products, Siemens says a majority are not affected. For those that are impacted, the company has promised to release patches and provide information for increasing system security. Impacted products include Atellica, Aptio, StreamLab, CentraLink, syngo, Viva, BCS XP, BN ProSpec, and CS.
Axiom, Mobilett, Multix, and Vertix radiography and mobile X-ray products are also affected by the BlueKeep vulnerability and Siemens has advised customers to contact their regional support center.
Finally, Siemens informed users of AUWi and Rapid Point point-of-care products that no immediate action is required and that patches should become available sometime in June. In the meantime, the same mitigations and workarounds can be applied to prevent potential attacks.
Related: Siemens Patches Serious DoS Flaws in Many Industrial Products
Related: Siemens Addresses Vulnerabilities in LOGO, SINAMICS Products

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- UK Car Retailer Arnold Clark Hit by Ransomware
- EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft
- Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
- Google Fi Data Breach Reportedly Led to SIM Swapping
- Microsoft’s Verified Publisher Status Abused in Email Theft Campaign
- British Retailer JD Sports Discloses Data Breach Affecting 10 Million Customers
- Meta Awards $27,000 Bounty for 2FA Bypass Vulnerability
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
Latest News
- Google Shells Out $600,000 for OSS-Fuzz Project Integrations
- F5 BIG-IP Vulnerability Can Lead to DoS, Code Execution
- Flaw in Cisco Industrial Appliances Allows Malicious Code to Persist Across Reboots
- UK Car Retailer Arnold Clark Hit by Ransomware
- Dealing With the Carcinization of Security
- HeadCrab Botnet Ensnares 1,200 Redis Servers for Cryptomining
- Cyber Insights 2023 | Supply Chain Security
- Cyber Insights 2023 | Regulations
