Medical Infusion Pumps Vulnerable to Remote Attacks
Alaris Gateway Workstation, a control system for infusion pumps manufactured by Becton Dickinson (BD), contains two vulnerabilities that allow hackers to remotely tamper with the pump’s functions. CVE-2019-10959 is a critical flaw with a CVSSv3 base score of 10, the highest possible severity rating for a vulnerability. An attacker can remotely install unauthorised firmware on the Alaris Gateway and adjust specific commands on the infusion pump to directly impact the patient’s health. The second vulnerability, CVE-2019-10962, affects the web browser user interface, where a lack of authentication can provide access to the Alaris Gateway’s status and configuration information. Medical institutions using the affected products are encouraged to apply the latest software patch, even though neither vulnerability has been observed to be exploited in the wild.