Medical System Security Information

The content on this page is intended for healthcare professionals and equivalents.

Product security advisories

  1. Treck TCP/IP stack vulnerabilities
    A set of 19 vulnerabilities, named Ripple20, was found in the Treck TCP/IP stack. Exploitation of these vulnerabilities could result in remote code execution, denial of service, or information disclosure. For details, refer to the websites below.
    https://www.jsof-tech.com/ripple20
    https://us-cert.cisa.gov/ics/advisories/icsa-20-168-01
  2. Impacts on our products
    Our products do not use the Treck TCP/IP stack that has these vulnerabilities. Therefore, we have determined that they are not affected by these vulnerabilities.
  1. Bluetooth Low Energy Vulnerability (SweynTooth)
    The FDA issued the following FDA Safety Communication on March 3, 2020.
    SweynTooth Cybersecurity Vulnerabilities May Affect Certain Medical Devices (FDA Safety Communication)
    It describes vulnerabilities, named “SweynTooth”, associated with a wireless
    communication technology known as Bluetooth Low Energy (BLE).
  2. Summary
    Successful exploitation of these vulnerabilities could allow an attacker within wireless range to cause a
    deadlock, crash, or buffer overflow, or to completely bypass security functions. For details, refer to the
    website below.
    https://www.us-cert.gov/ics/alerts/ics-alert-20-063-01
  3. Impacts on our products
    Our products do not have a Bluetooth function that uses this vulnerable Bluetooth Low Energy (BLE) technology.
    Therefore, we have determined that they are not affected by these vulnerabilities.
  1. Vulnerabilities of Remote Desktop Service for Windows
    Microsoft Corp. has disclosed vulnerabilities (CVE-2019-0708, CVE-2019-1181 and CVE-2019-1182) in the Remote Desktop Service (software for remote control from other computers) installed in the Windows OS. An attacker who successfully exploited these vulnerabilities could install programs, or view, modify, or delete data.
  2. Impacts on our products
    Our products are not affected by these vulnerabilities, but since Microsoft has released patches for them, we have also completed the patch application evaluation for the products that use the affected Windows versions. If you would like to apply the patch, contact the sales office where you purchased the product. In addition, to maintain the security of our products, refer to (3) below for ensuring the security of your network.
  3. Reference
    The following countermeasures are effective against vulnerabilities of the Remote Desktop Service in the customer's network environment.

    (a) Disallow the use of Remote Desktop Services
    If the Windows settings make it possible to allow or disallow the use of Remote Desktop Services, disallow it.

    (b) Communication route control
    In the network to which our products are connected, configure the network devices to prohibit communication from any computer other than those permitted to access our products.

    (c) Control of communication protocol and communication port
    Attacks on the Remote Desktop Service use the following communication protocol and communication port, so configure the network devices not to allow this communication.

| Services used | Protocol type and port number used |
| --- | --- |
| Remote desktop service | TCP port 3389 |
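
A read-only check of countermeasures (a) and (c) on a Windows host, added here as an example and not taken from the vendor's documentation. It assumes PowerShell with the built-in NetTCPIP and NetSecurity modules and the default Remote Desktop registry keys; `Test-PortMatch` and the variable names are illustrative.

```powershell
# Read-only audit of Remote Desktop exposure on the local Windows host.
# Added example: it changes nothing; Test-PortMatch is an illustrative helper.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# True when a firewall port spec ('Any', '3389', '3000-4000') covers $Port.
function Test-PortMatch([string[]]$Spec, [int]$Port) {
    foreach ($s in $Spec) {
        if ($s -eq 'Any' -or $s -eq "$Port") { return $true }
        if ($s -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

# (a) fDenyTSConnections = 1 means Remote Desktop connections are disallowed.
$deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
# The listener port is configurable; TCP 3389 is the default.
$port = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
$svc  = Get-Service -Name TermService

# Is a socket actually listening on the Remote Desktop port right now?
$listening = @(Get-NetTCPConnection -State Listen -LocalPort $port `
                 -ErrorAction SilentlyContinue).Count -gt 0

# (c) Enabled inbound allow rules whose port filter covers the Remote Desktop port.
$allow = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $f = $_ | Get-NetFirewallPortFilter
        $f.Protocol -in 'TCP', '6', 'Any' -and (Test-PortMatch $f.LocalPort $port)
    }

# Summary object: one row per host, suitable for export or comparison.
[pscustomobject]@{
    RdpDisallowed     = ($deny -eq 1)
    ServiceStatus     = $svc.Status
    ListenerPort      = $port
    PortListening     = $listening
    InboundAllowRules = @($allow | ForEach-Object DisplayName)
}
```

A host that follows the guidance above reports `RdpDisallowed` as `True`, `PortListening` as `False`, and an empty `InboundAllowRules` list.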

  1. VxWorks Vulnerabilities
    Serious vulnerabilities in VxWorks, named “URGENT/11”, have been announced on the Wind River website, and taking urgent measures is recommended.
  2. Summary
    URGENT/11 is a set of 11 vulnerabilities found in the VxWorks TCP/IP stack (IPnet), 6 of which are classified as critical vulnerabilities that allow remote code execution. The other vulnerabilities could be exploited for denial of service or information disclosure. For details, refer to the websites below.
    TCP/IP Network Stack (IPnet, Urgent/11) (Wind River)
    URGENT/11 (Armis)
  3. Impacts on our products
    Our products do not include a VxWorks version that uses IPnet with these vulnerabilities. Therefore, we have determined that they are not affected by these vulnerabilities.

Notice

We currently do not have any urgent announcements.