
PwnedPiper flaws in PTS systems affect 80% of major US hospitals


Multiple flaws have been disclosed in a widely used pneumatic tube system (PTS), leaving it vulnerable to attack.

Researchers from security firm Armis disclosed a set of nine vulnerabilities, dubbed PwnedPiper, that can be exploited to carry out multiple attacks against a widely used pneumatic tube system (PTS).

The Swisslog PTS system is used in hospitals to automate logistics and transport materials throughout the building via a network of pneumatic tubes.

The flaws affect the Translogic PTS system manufactured by Swisslog Healthcare, which is installed in about 80% of all major hospitals in North America and thousands of hospitals worldwide.

It is possible for a threat actor to exploit the PwnedPiper vulnerabilities to completely take over the Translogic Nexus Control Panel, which powers current models of Translogic PTS stations.

The attackers can conduct a broad range of malicious activities, such as carrying out a man-in-the-middle (MitM) attack to change or deploy ransomware.

According to a post published by Armis, these vulnerabilities can enable an unauthenticated attacker to take over Translogic PTS stations and essentially gain complete control over the PTS network of a target hospital. The attackers can perform sophisticated ransomware attacks and can leak sensitive hospital information.

The flaws include privilege escalation, memory corruption, remote-code execution, and denial-of-service issues. An attacker could also push an insecure firmware upgrade to fully compromise the devices.

The vulnerabilities discovered by the researchers include:

  • CVE-2021-37161 – Underflow in udpRXThread
  • CVE-2021-37162 – Overflow in sccProcessMsg
  • CVE-2021-37163 – Two hardcoded passwords accessible through the Telnet server
  • CVE-2021-37164 – Off-by-three stack overflow in tcpTxThread
  • CVE-2021-37165 – Overflow in hmiProcessMsg
  • CVE-2021-37166 – GUI socket Denial of Service
  • CVE-2021-37167 – User script run by root can be used for PE
  • CVE-2021-37160 – Unauthenticated, unencrypted, unsigned firmware upgrade

Most of the above-mentioned vulnerabilities are addressed in the new Nexus Control Panel version 7.2.5.7. CVE-2021-37160 has yet to be addressed.


Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
