Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Critical flaws in TransLogic Pneumatic Tube System could see attackers sabotage hospital operations

Attackers who exploit critical security vulnerabilities in Swisslog’s TransLogic Pneumatic Tube System (PTS) could potentially reroute or shut down the automated delivery of medications and other vital items around hospitals.

Swisslog has urged healthcare facilities to update their systems after releasing a firmware update today (August 2) that addresses all but one of nine flaws discovered by researchers from cybersecurity firm Armis.

TransLogic PTS is used in more than 80% of North American hospitals and more than 3,000 healthcare facilities worldwide, according to Swisslog.

The system transports medications, blood products, lab samples, and test results around facilities within cylindrical containers via a network of pneumatic tubes.

‘PwnedPiper’

The vulnerabilities were found in the Nexus Control Panel, which powers all Translogic PTS stations.

Dubbed ‘PwnedPiper’, the vulnerabilities “can enable an unauthenticated attacker to take over Translogic PTS stations and essentially gain complete control over the PTS network of a target hospital”, reads a blog post published by Armis.

From there, attackers could launch denial-of-service attacks, ransomware attacks, or manipulator-in-the-middle (MitM) attacks that redirect carriers containing vital medical items.

TransLogic PTS can also transport urgent items at comparatively high speeds and sensitive items, such as blood products, more slowly.

“If an attacker were to compromise the PTS system, he may alter the system’s speed restrictions, which can in turn damage such sensitive items,” warns Armis.

Prolonged shutdown

The most severe vulnerability (CVE-2021-37160), which Armis said remains unpatched, could see an attacker achieve remote code execution (RCE) and maintain persistence on the target device after initiating a firmware update procedure.

This is possible because a design flaw means firmware upgrades lack encryption, authentication, and cryptographic signature mechanisms.

Remediating such an attack with manual firmware upgrades “will take considerable time and effort”, notes Armis, and many hospitals lack contingency plans for handling a prolonged shutdown of PTS systems.

The threat is exacerbated further by the system’s integration with other hospital systems such as Swisslog’s WhoTube access control system.

In exploiting four memory corruption vulnerabilities in the TLP20 control protocol (CVE-2021-37161, CVE-2021-37162, CVE-2021-37165, CVE-2021-37164), an attacker could potentially achieve RCE, and thereafter harvest employees’ RFID credentials.

They could also perform reconnaissance on the PTS network, seize control of all Nexus stations, and “hold them hostage in a sophisticated ransomware attack,” said Armis.

Advertisement. Scroll to continue reading.

The vulnerabilities also include two privilege escalation flaws arising from hardcoded passwords (CVE-2021-37163 and CVE-2021-37167), and a denial-of-service vulnerability (CVE-2021-37166).

Patch now

Armis alerted Swisslog to the vulnerabilities on May 1, 2021.

With the researchers’ help, Swisslog has released firmware version 7.2.5.7 and mitigations in security advisories addressing each flaw.

All previous firmware versions are susceptible to the flaws.

Armis says it expects CVE-2021-37160 to be patched in a future release.

Armis says PTS systems have hitherto been overlooked by security researchers despite the critical role they play in healthcare settings.

“Understanding that patient care depends not only on medical devices, but also on the operational infrastructure of a hospital is an important milestone to securing healthcare environments,” said Nadir Izrael, co-founder and CTO at Armis.

Armis security researchers Ben Seri and Barak Hadad will present the PwnedPiper research at Black Hat USA later this week.

Armis, whose flagship product is an agentless device security platform, has also published a technical white paper (PDF) on the research.

The Daily Swig has contacted Swisslog for further comment and we will update this article should we receive a response.

Source: https://portswigger.net/daily-swig/critical-flaws-in-translogic-pneumatic-tube-system-could-see-attackers-sabotage-nbsp-hospital-operations

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe...

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO