Connect with us

Hi, what are you looking for?


Malware & Threats

Siemens Medical Products Affected by Wormable Windows Flaw

Several products made by Siemens Healthineers, a Siemens company that specializes in medical technology, are affected by a recently patched Windows vulnerability tracked as CVE-2019-0708 and BlueKeep.

Several products made by Siemens Healthineers, a Siemens company that specializes in medical technology, are affected by a recently patched Windows vulnerability tracked as CVE-2019-0708 and BlueKeep.

The vulnerability impacts the Windows Remote Desktop Services (RDS) and it was fixed by Microsoft with its May 2019 Patch Tuesday updates. The flaw has been described as wormable and it can be leveraged by malware to spread similar to the way the notorious WannaCry ransomware did back in 2017 through the EternalBlue exploit.

It allows an unauthenticated attacker to execute code and take control of a device without any user interaction by sending specially crafted requests to the targeted machine’s RDS via the Remote Desktop Protocol (RDP).

Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. Windows 7 and Server 2008 users can prevent unauthenticated attacks by enabling Network Level Authentication (NLA). The threat can also be mitigated by blocking TCP port 3389 at the perimeter firewall.

Experts have warned that the flaw poses a serious risk to organizations, including industrial environments, and the risk of exploitation has increased after several researchers and cybersecurity companies have reported developing PoC exploits.

Shortly after Microsoft released patches, Siemens informed customers that it had launched an investigation into the impact of CVE-2019-0708 on its Healthineers products. The company has now published six security advisories describing the impact of the flaw on its products and the steps customers need to take to mitigate the risks.

Siemens has pointed out that “the exploitability of the vulnerability depends on the specific configuration and deployment environment of each product.”

Advertisement. Scroll to continue reading.

In the case of impacted Healthineers software products, the company has advised users to install the patches from Microsoft. Impacted software includes MagicLinkA, MagicView, Medicalis, Screening Navigator, syngo and teamplay.

For impacted advanced therapy products the company recommends disabling RDP, blocking TCP port 3389, and implementing other workarounds and mitigations suggested by Microsoft. Impacted products include System ACOM, Sensis and VM SIS Virtual Server.

Users of Siemens Healthineers’ Lantis radiation oncology products have been advised to disable RDP or close port 3389.

In the case of laboratory diagnostics products, Siemens says a majority are not affected. For those that are impacted, the company has promised to release patches and provide information for increasing system security. Impacted products include Atellica, Aptio, StreamLab, CentraLink, syngo, Viva, BCS XP, BN ProSpec, and CS.

Axiom, Mobilett, Multix, and Vertix radiography and mobile X-ray products are also affected by the BlueKeep vulnerability and Siemens has advised customers to contact their regional support center.

Finally, Siemens informed users of AUWi and Rapid Point point-of-care products that no immediate action is required and that patches should become available sometime in June. In the meantime, the same mitigations and workarounds can be applied to prevent potential attacks.

Related: Siemens Patches Serious DoS Flaws in Many Industrial Products

Related: Siemens Addresses Vulnerabilities in LOGO, SINAMICS Products

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.