{"id":23614,"date":"2022-03-10T11:28:48","date_gmt":"2022-03-10T10:28:48","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=23614"},"modified":"2022-03-10T11:28:48","modified_gmt":"2022-03-10T10:28:48","slug":"access7-sicherheitslcken-mit-auswirkungen-auf-medizinische-und-iot-gerte","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/03\/10\/access7-sicherheitslcken-mit-auswirkungen-auf-medizinische-und-iot-gerte\/","title":{"rendered":"Access:7 vulnerabilities impacting medical and IoT devices"},"content":{"rendered":"<p><img decoding=\"async\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2022\/03\/10\/access7-sicherheitslcken-mit-auswirkungen-auf-medizinische-und-iot-gerte\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]Security vendor Forescout has found no less than seven vulnerabilities in the PTC Axeda agent during an investigation. This software is used in medical and IoT devices, which means that the vulnerabilities grouped under the name Access:7 have an impact on the security of such devices. Here is a brief overview of the facts.<\/p>\n<p><!--more--><\/p>\n<h2>The PTC Axeda Agent <\/h2>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg04.met.vgwort.de\/na\/69fcbd36e9a84be58fb301982a691faf\" width=\"1\" height=\"1\">The Axeda Agent solution allows device manufacturers to remotely access and manage connected devices. The affected agent is most common in healthcare, but also occurs in other industries such as financial services and manufacturing. A <a href=\"https:\/\/www.cybermdx.com\/access7-affected-devices\/\" target=\"_blank\" rel=\"noopener\">detailed list<\/a> of more than 150 potentially affected devices from more than 100 vendors illustrates the significance of the vulnerabilities. The list includes several medical imaging and laboratory devices. But Dell Policy Manager 6.6 ESRS is also listed as \"unconfirmed.\" <\/p>\n<h2>The Access:7 vulnerabilities<\/h2>\n<p>Forescout's Vedere Labs, in collaboration with CyberMDX, discovered as many as seven new vulnerabilities affecting PTC's Axeda agent. Catalin Cimpanu points out the vulnerabilities, known as Access:7, in the following <a href=\"https:\/\/twitter.com\/campuscodi\/status\/1501210771069489160\" target=\"_blank\" rel=\"noopener\">tweet<\/a>. <\/p>\n<p><a href=\"https:\/\/twitter.com\/campuscodi\/status\/1501210771069489160\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"Access:7 Vulnerarbilities\" alt=\"Access:7 Vulnerarbilities\" src=\"https:\/\/i.imgur.com\/otunXlc.png\"><\/a><\/p>\n<p>Three of the vulnerabilities were deemed critical by <a href=\"https:\/\/www.cisa.gov\/uscert\/ics\/advisories\/icsa-22-067-01\" target=\"_blank\" rel=\"noopener\">CISA<\/a> because they could allow hackers to remotely execute malicious code and take complete control of devices, access sensitive data or change configurations in affected devices. Forescout has published the details of the vulnerabilities in <a href=\"https:\/\/www.forescout.com\/blog\/access-7-vulnerabilities-impact-supply-chain-component-in-medical-and-iot-device-models\/\" target=\"_blank\" rel=\"noopener\">this post<\/a>.&nbsp; <\/p>\n<p>Problem with the whole thing: IoT devices and medical devices use a wide range of operating systems, hardware and software. Usually, manufacturers do not allow their customers to install software, including security agents, on their devices. In the case of Access:7, PTC relies on device manufacturers to install the Axeda agent before their devices are sold to customers, which is commonly referred to as an original equipment manufacturer (OEM) approach. Administrators can only minimize the risk by ensuring that these devices are not remotely accessible via the Internet or are appropriately secured.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Security vendor Forescout has found no less than seven vulnerabilities in the PTC Axeda agent during an investigation. This software is used in medical and IoT devices, which means that the vulnerabilities grouped under the name Access:7 have an impact &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/03\/10\/access7-sicherheitslcken-mit-auswirkungen-auf-medizinische-und-iot-gerte\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-23614","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/23614","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=23614"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/23614\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=23614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=23614"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=23614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}