Critical Vulnerabilities in Medtronic Electrosurgical Generator

5 - 12 November 2019

Critical vulnerabilities in the Medtronic Valleylab FT10 and FX8 electrosurgical generators could allow attackers to overwrite files and achieve remote code execution. Both devices use hard-coded credentials (CVE-2019-13543), a reversible one-way hash for OS password hashing (CVE-2019-13539) and a vulnerable version of the RSSH utility (CVE-2019-3464 and CVE-2019-2463). Successful exploitation can cause the product to malfunction and disrupt surgical procedures, as the devices are frequently used for making precise cuts with minimum blood loss. Medtronic has released security patches for the FT10 platform, and fixes for the FX8 platform are expected in early 2020.

References:

ICS Medical Advisory (ICSMA-19-311-02): Medtronic Valleylab FT10 and FX8

Valleylab™ FT10 And Valleylab™ FX8 Electrosurgical Generator RSSH Vulnerabilities
