Major Supply Chain Vulnerabilities Revealed

Forescout’s Vedere Labs and CyberMDX have made public seven new vulnerabilities, dubbed Access:7, which were found in a major supply chain component utilized by hundreds of IoT and IoMT devices. If exploited, these vulnerabilities could enable remote code execution, DDoS, and information disclosure in medical and IoT devices across the globe.

Forescout says it has been working with CISA for several months as part of the responsible disclosure process and, due to the 9+ CVE rating, CISA has issued an advisory overnight.

With escalating cybersecurity threats amidst high geopolitical tension, healthcare organizations need to be informed of vulnerabilities and patch devices to mitigate risks.

What to Know:

  • The vulnerabilities were found in PTC’s Axeda agent, which constantly communicates with surgical, ventilation and various lab equipment and devices. However, the agent also interacts with things like ATMs.
  • The vulnerabilities share a lot of similarities to what played out with Kaseya.
  • If the vulnerabilities are exploited, hackers could take full control of these devices, access device data, alter critical patient data or modify configurations in the devices.
  • Forescout’s Vedere Labs and CyberMDX have found seven new supply chain vulnerabilities running on PTC’s Axeda remote code and management agent.
  • If exploited, these vulnerabilities could enable remote code execution, denial of service and information disclosure in medical and IoT devices.
  • Three vulnerabilities have been rated critical by CISA as hackers could take full control of devices, access device data, alter critical patient data or modify configurations in impacted devices.
  • More than 150 device models from more than 100 device manufacturers are potentially affected by these vulnerabilities with 55% of the device models utilizing these agents found in healthcare networks.
  • Devices utilizing the impacted Axeda agents include surgical, ventilation and radiotherapy equipment along with several medical imaging and laboratory devices. Other industries potentially impacted by these newly disclosed vulnerabilities include financial services and manufacturing.
  • The Axeda agent enables device manufacturers to remotely access and manage connected devices, making these vulnerabilities reminiscent of the Kaseya hack and the SolarWinds Orion compromise. Axeda was previously targeted in an attack in 2016, when legacy CareFusion devices were communicating with an expired domain that had been purchased by malicious actors.
  • The impact of the Access:7 vulnerabilities can be seen in Vedere Labs’ Global Cyber Intelligence Dashboard that provides a consolidated view of the global device and threat landscape based on data and analysis collected across multiple networks and regions.

“With escalating cybersecurity threats amidst high geopolitical tension, it is critical that organizations understand where they could be vulnerable and how they can mitigate their risks. We have a responsibility to keep the healthcare community, as well as manufacturing, banking and financial services sectors, informed and safe as the industry experiences a severe rise in cyber attacks by nation states and hacker groups,” said Elad Luz, chief researcher of Access:7, CyberMDX, a Forescout company.

“The nature of these vulnerabilities could lead to heightened risk and expose healthcare organizations to even further cybersecurity threats and risks,” said Daniel dos Santos, head of security research at Vedere Labs, Forescout. “Access:7 further illustrates the problems with supply chain components that we have seen before in Forescout’s Project Memoria. However, this time it affects a remote management solution that could enable hackers to remotely execute malicious code. Complete protection against Access:7 requires patching devices running the vulnerable versions of the Axeda components and it is important organizations take action.”

You can read the full report here.
