The Department of Homeland Security has disclosed that it has identified two cybersecurity vulnerabilities in the firmware and web management of BD Alaris Gateway Workstations. The vulnerabilities were discovered by healthcare cybersecurity firm CyberMDX.
The vulnerabilities are grave: they could allow malicious actors to hijack and remotely access and control the popular infusion pump. The infusion pump from Alaris delivers fluids into a patient’s body in a controlled manner. The cyber sleuths found that attackers could exploit the bugs to install firmware on the pump’s onboard computer, which runs Windows CE and controls the device.
On the company blog, Jon Rabinowitz, VP of marketing at CyberMDX, wrote: “An attack of this sort can allow an attacker to disable the workstation, disrupt the workstation, disrupt the flow of electricity to care-critical infusion pumps, falsify pump status information (vital for the nursing staff), and in some cases even alter drug delivery.”
The flaw has been designated CVE-2019-10959. In a rare move, the DHS rated the vulnerability with a score of 10.0. The second vulnerability in the pump was scored at 7.3 out of 10.0.
© 2020 CIO Bulletin. All rights reserved.