PwnedPiper PTS Security Vulnerabilities Put 80% of American Hospitals at Risk!
Today’s cyberspace is on shaky footing as new security vulnerabilities crop up with increasing frequency. Amid the pandemic, the world has seen a rising number of vulnerabilities identified and exploited.
Recently, cybersecurity researchers unveiled a set of nine security vulnerabilities, dubbed ‘PwnedPiper,’ in pneumatic tube systems (PTS) used in 80 percent of hospitals in North America.
PTS systems play a vital role in healthcare. They automate material transport that includes highly sensitive packages such as medications, blood samples, and lab specimens.
The bugs, discovered by cybersecurity firm Armis, were found in the Nexus Control Panel, which powers all the current models of Swisslog Healthcare’s Translogic PTS stations.
“Medications supplied to departments, timely delivery of lab samples, and even blood units supplied to operating rooms all depend on the constant availability of the PTS. The hospital’s operations can be severely derailed if a malicious actor exploits the vulnerabilities,” opined Armis researchers.
The nine critical vulnerabilities include unencrypted connections, hard-coded passwords, and unauthenticated firmware updates. These gaping holes could enable a malicious actor to carry out remote code execution (RCE) and take over Nexus stations.
“By compromising a Nexus station, an attacker can leverage it for reconnaissance purposes, including harvesting data from the station, such as RFID credentials of any employee that uses the PTS system, details about each station’s functions or location, as well as gain an understanding of the physical layout of the PTS network,” said Armis.
“From there, an attacker can take over all Nexus stations in the tube network and hold them hostage in a sophisticated ransomware attack.”
If a cybercriminal ever gains control of the tube network, the repercussions could include ransomware, man-in-the-middle (MitM), or denial-of-service (DoS) attacks. Any of them would potentially kneecap the targeted hospital’s critical infrastructure.
“This research sheds light on systems that are hidden in plain sight but are nevertheless a crucial building block to modern-day healthcare,” said Armis researchers Ben Seri and Barak Hadad.
“Understanding that patient care depends not only on medical devices but also on the operational infrastructure of a hospital is an important milestone to securing healthcare environments.”
A Glance at the PwnedPiper Vulnerabilities:
| Vulnerability Name | CVE |
| --- | --- |
| No firmware update validation | CVE-2021-37160 |
| Underflow in udpRXThread | CVE-2021-37161 |
| Overflow in sccProcessMsg | CVE-2021-37162 |
| Hardcoded credentials for the telnet server | CVE-2021-37163 |
| Off-by-three stack overflow in tcpTxThread | CVE-2021-37164 |
| Overflow in hmiProcessMsg | CVE-2021-37165 |
| GUI socket denial of service | CVE-2021-37166 |
| Privilege escalation | CVE-2021-37167 |
A New, Patched Version of Nexus Control Panel Released!
Swisslog Healthcare has responded swiftly and patched all the vulnerabilities except one that impacts legacy systems. CVE-2021-37160 is due to be patched in a future release.
The company released a new, patched version of the Nexus Control Panel (version 7.2.5.7) and recommended all its Translogic PTS system customers update their firmware.
“All but one of these vulnerabilities were subsequently removed in a software release containing updated firmware. Mitigations for the remaining vulnerability were made,” stated Swisslog in a press release.
The company documented the mitigation details in its Network Communications and Deployment Guide, which is readily available to customers.
“The vulnerabilities only exist when a combination of variables exists,” noted Jennie McQuade, Chief Privacy Officer for Swisslog Healthcare.
“The potential for PTS systems to be compromised is dependent on a bad actor who has access to the facility’s IT network and who could cause additional damage by leveraging these exploits.”