cybersecurity

  • How can we help?

    Over the last 10 years we have spent a lot of time researching cybersecurity vulnerabilities for medical devices. In that time we have seen several themes arise again and again; information is highly fragmentary, if it can be found at all, and it is poorly cross-referenced. Even our good friends to the South have not…

    Read More

  • The Impetus

    Over the last 10 years we have spent a lot of time researching cybersecurity vulnerabilities for medical devices. In that time several themes arise repeatedly; information is highly fragmentary, if it can be found at all, and it is poorly cross-referenced. Even our good friends to the South have not managed to compile a good,…

    Read More

  • Illumina Universal Copy Service

    Successful exploitation of these vulnerabilities could allow an attacker to take any action at the operating system level. A threat actor could impact settings, configurations, software, or data on the affected product; a threat actor could interact through the affected product via a connected network.  CISA Number: ICSMA-23-117-01 CVE Number: Multiple CVE’s are involved in…

    Read More

  • B. Braun Battery Pack SP with Wi-Fi

    Successful exploitation of this vulnerability could allow a sophisticated and authenticated attacker to compromise the security of the Space communication device Battery Pack SP with Wi-Fi. An attacker could escalate privileges, view sensitive information, upload arbitrary files, and perform remote code execution.  CISA Number: ICSMA-23-103-01 CVE Number: CVE-2023-0888 Vendor Website: Vulnerability Information Additional Information:

    Read More

  • Medtronic Micro Clinician and InterStim Apps

    Medtronic has identified a potential issue related to its InterStim™ therapy and how passwords are saved within the Smart Programmer’s clinician app. CISA Number: ICSMA-23-061-01 CVE Number: CVE-2023-25931 Vendor Website: Vulnerability Information Additional Information:

    Read More

  • BD Alaris Infusion Central (Update A)

    Successful exploitation of this vulnerability could allow an attacker to obtain the database installation password and gain access to the Alaris Infusion Central database, resulting in disclosure of resident personal data.  CISA Number: ICSMA-23-047-01 CVE Number: CVE-2022-47376  Vendor Website: Vulnerability Information Additional Information:

    Read More

  • Philips Patient Information Center iX (PIC iX) and Efficia CM Series (Update A)

    This updated advisory is a follow-up to the original advisory titled ICSMA-21-322-02

    Read More