Access:7 vulnerabilities impacting medical and IoT devices

Sicherheit (Pexels, allgemeine Nutzung)[German]Security vendor Forescout has found no less than seven vulnerabilities in the PTC Axeda agent during an investigation. This software is used in medical and IoT devices, which means that the vulnerabilities grouped under the name Access:7 have an impact on the security of such devices. Here is a brief overview of the facts.


Advertising

The PTC Axeda Agent

The Axeda Agent solution allows device manufacturers to remotely access and manage connected devices. The affected agent is most common in healthcare, but also occurs in other industries such as financial services and manufacturing. A detailed list of more than 150 potentially affected devices from more than 100 vendors illustrates the significance of the vulnerabilities. The list includes several medical imaging and laboratory devices. But Dell Policy Manager 6.6 ESRS is also listed as "unconfirmed."

The Access:7 vulnerabilities

Forescout's Vedere Labs, in collaboration with CyberMDX, discovered as many as seven new vulnerabilities affecting PTC's Axeda agent. Catalin Cimpanu points out the vulnerabilities, known as Access:7, in the following tweet.

Access:7 Vulnerarbilities

Three of the vulnerabilities were deemed critical by CISA because they could allow hackers to remotely execute malicious code and take complete control of devices, access sensitive data or change configurations in affected devices. Forescout has published the details of the vulnerabilities in this post

Problem with the whole thing: IoT devices and medical devices use a wide range of operating systems, hardware and software. Usually, manufacturers do not allow their customers to install software, including security agents, on their devices. In the case of Access:7, PTC relies on device manufacturers to install the Axeda agent before their devices are sold to customers, which is commonly referred to as an original equipment manufacturer (OEM) approach. Administrators can only minimize the risk by ensuring that these devices are not remotely accessible via the Internet or are appropriately secured.


Advertising


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).