Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?


Malware & Threats

Siemens Medical Products Affected by Wormable Windows Flaw

Several products made by Siemens Healthineers, a Siemens company that specializes in medical technology, are affected by a recently patched Windows vulnerability tracked as CVE-2019-0708 and BlueKeep.

Several products made by Siemens Healthineers, a Siemens company that specializes in medical technology, are affected by a recently patched Windows vulnerability tracked as CVE-2019-0708 and BlueKeep.

The vulnerability impacts the Windows Remote Desktop Services (RDS) and it was fixed by Microsoft with its May 2019 Patch Tuesday updates. The flaw has been described as wormable and it can be leveraged by malware to spread similar to the way the notorious WannaCry ransomware did back in 2017 through the EternalBlue exploit.

It allows an unauthenticated attacker to execute code and take control of a device without any user interaction by sending specially crafted requests to the targeted machine’s RDS via the Remote Desktop Protocol (RDP).

Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Windows 7 and Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA). The threat can also be mitigated by blocking TCP port 3389 at the perimeter firewall.

Experts have warned that the flaw poses a serious risk to organizations, including industrial environments, and the risk of exploitation has increased after several researchers and cybersecurity companies have reported developing PoC exploits.

Shortly after Microsoft released patches, Siemens informed customers that it had launched an investigation into the impact of CVE-2019-0708 on its Healthineers products. The company has now published six security advisories describing the impact of the flaw on its products and the steps customers need to take to mitigate the risks.

Siemens has pointed out that “the exploitability of the vulnerability depends on the specific configuration and deployment environment of each product.”

In the case of impacted Healthineers software products, the company has advised users to install the patches from Microsoft. Impacted software includes MagicLinkA, MagicView, Medicalis, Screening Navigator, syngo and teamplay.

Advertisement. Scroll to continue reading.

For impacted advanced therapy products the company recommends disabling RDP, blocking TCP port 3389, and implementing other workarounds and mitigations suggested by Microsoft. Impacted products include System ACOM, Sensis and VM SIS Virtual Server.

Users of Siemens Healthineers’ Lantis radiation oncology products have been advised to disable RDP or close port 3389.

In the case of laboratory diagnostics products, Siemens says a majority are not affected. For those that are impacted, the company has promised to release patches and provide information for increasing system security. Impacted products include Atellica, Aptio, StreamLab, CentraLink, syngo, Viva, BCS XP, BN ProSpec, and CS.

Axiom, Mobilett, Multix, and Vertix radiography and mobile X-ray products are also affected by the BlueKeep vulnerability and Siemens has advised customers to contact their regional support center.

Finally, Siemens informed users of AUWi and Rapid Point point-of-care products that no immediate action is required and that patches should become available sometime in June. In the meantime, the same mitigations and workarounds can be applied to prevent potential attacks.

Related: Siemens Patches Serious DoS Flaws in Many Industrial Products

Related: Siemens Addresses Vulnerabilities in LOGO, SINAMICS Products

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights