On April 20, 2022, Rapid7 found vulnerabilities in two TCP/IP-enabled medical devices produced by Baxter Healthcare.
The issues, 4 in total, affected the company’s SIGMA Spectrum Infusion Pump and SIGMA WiFi Battery.
Nearly 5 months after Rapid7 first reported the problems to Baxter, the companies are now revealing they have worked together to discuss the impact, resolution and coordinated response for these vulnerabilities.
Rapid7 detailed the findings in a new disclosure report, where the firm said the SIGMA vulnerabilities were discovered by Deral Heiland, Rapid7’s principal IoT (Internet of Things) researcher.
For context, Baxter’s SIGMA infusion pumps are often used by hospitals to deliver medication and nutrition directly into a patient’s circulatory system. These are TCP/IP-enabled machines designed to deliver data to healthcare providers to enable more effective care.
The first of the vulnerabilities (tracked CVE-2022-26390) discovered by Rapid7 caused the pump to transfer the WiFi credential to the battery unit when the latter was connected to the primary infusion pump and the infusion pump powered up.
The second flaw (tracked CVE-2022-26392), on the other hand, saw the exposure of the command ‘hostmessage’ to a format string vulnerability when running a telnet session on the Baxter SIGMA WiFi battery firmware version 16.
The third vulnerability (tracked CVE-2022-26393) was also a format string vulnerability on WiFi battery software version 20 D29, and the fourth one (tracked CVE-2022-26394) saw WiFi battery units (versions 16, 17 and 20 D29) allowing remote unauthenticated changing of the SIGMA GW IP address (used for configuring the back-end communication services for the devices’ operation).
All these vulnerabilities have now reportedly been fixed, but in the new disclosure report, Heiland clarified that even before the patches were released, the issues could not have been exploited over the internet or at a great distance.
“An attacker would need to be within at least WiFi range of the affected devices, and in some cases, the attacker would need to have direct physical access.”
At the same time, the security expert warned that if an attacker could get network access to a pump unit, they could, with a single unauthenticated packet, cause the unit to redirect all back-end system communications to a host they control, allowing for a potential man-in-the-middle (MiTM) attack.
“This could impact the accuracy of the pump data being sent for monitoring and recording purposes, and also potentially be used to intercept Drug library data updates to the pumps — which could potentially be dangerous.”
More information about the patched SIGMA vulnerabilities, including various mitigation strategies, is available in the Rapid7 disclosure report.
The document comes months after research by Palo Alto Networks’ Unit 42 suggested most smart medical infusion pumps have known security gaps that make them vulnerable to hackers.