Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

Siemens Medical Products Affected by Wormable Windows Flaw

Several products made by Siemens Healthineers, a Siemens company that specializes in medical technology, are affected by a recently patched Windows vulnerability tracked as CVE-2019-0708 and BlueKeep.

Several products made by Siemens Healthineers, a Siemens company that specializes in medical technology, are affected by a recently patched Windows vulnerability tracked as CVE-2019-0708 and BlueKeep.

The vulnerability impacts the Windows Remote Desktop Services (RDS) and it was fixed by Microsoft with its May 2019 Patch Tuesday updates. The flaw has been described as wormable and it can be leveraged by malware to spread similar to the way the notorious WannaCry ransomware did back in 2017 through the EternalBlue exploit.

It allows an unauthenticated attacker to execute code and take control of a device without any user interaction by sending specially crafted requests to the targeted machine’s RDS via the Remote Desktop Protocol (RDP).

Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Windows 7 and Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA). The threat can also be mitigated by blocking TCP port 3389 at the perimeter firewall.

Experts have warned that the flaw poses a serious risk to organizations, including industrial environments, and the risk of exploitation has increased after several researchers and cybersecurity companies have reported developing PoC exploits.

Shortly after Microsoft released patches, Siemens informed customers that it had launched an investigation into the impact of CVE-2019-0708 on its Healthineers products. The company has now published six security advisories describing the impact of the flaw on its products and the steps customers need to take to mitigate the risks.

Siemens has pointed out that “the exploitability of the vulnerability depends on the specific configuration and deployment environment of each product.”

In the case of impacted Healthineers software products, the company has advised users to install the patches from Microsoft. Impacted software includes MagicLinkA, MagicView, Medicalis, Screening Navigator, syngo and teamplay.

For impacted advanced therapy products the company recommends disabling RDP, blocking TCP port 3389, and implementing other workarounds and mitigations suggested by Microsoft. Impacted products include System ACOM, Sensis and VM SIS Virtual Server.

Users of Siemens Healthineers’ Lantis radiation oncology products have been advised to disable RDP or close port 3389.

In the case of laboratory diagnostics products, Siemens says a majority are not affected. For those that are impacted, the company has promised to release patches and provide information for increasing system security. Impacted products include Atellica, Aptio, StreamLab, CentraLink, syngo, Viva, BCS XP, BN ProSpec, and CS.

Axiom, Mobilett, Multix, and Vertix radiography and mobile X-ray products are also affected by the BlueKeep vulnerability and Siemens has advised customers to contact their regional support center.

Finally, Siemens informed users of AUWi and Rapid Point point-of-care products that no immediate action is required and that patches should become available sometime in June. In the meantime, the same mitigations and workarounds can be applied to prevent potential attacks.

Related: Siemens Patches Serious DoS Flaws in Many Industrial Products

Related: Siemens Addresses Vulnerabilities in LOGO, SINAMICS Products

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.