Unfortunately, the healthcare sector is usually the quickest way to squeeze out profits via blackmail and extortion -methods favored by the cybercrime industry. This is why merciless ransomware attacks aimed at healthcare and socially engineered healthcare scams have been so abundant. This time, CISA (us-cert CISA) has released details about software vulnerabilities afflicting multiple products belonging to German healthcare giant B. Braun Melsungen AG. The products affected are products related to medical infusion processes; a medical Wi-Fi-enabled battery pack, a medical workstation and an infusion pump data module.
About B. Braun Melsungen AG
B. Braun Melsungen AG is one of the largest medical and pharmaceutical companies in the world. The company produces a wide range of products, including; surgical products, blood treatment products and services, disposable hospital supplies, dialysis machines, and more.
General Overview of The Software Vulnerabilities
According to CISA’s report released on October 21st, 2021, five vulnerabilities (CVE-2021-33886, CVE-2021-33885, CVE-2021-33882, CVE-2021-33883, CVE-2021-33884) have been reported. Among the five vulnerabilities is one that is classified as high-risk. The high-risk vulnerability may potentially lead to the compromise of the medical devices via the vulnerable software.
In-Depth Analysis
Software vulnerability CVE-2021-33885 (ID code from the Common Vulnerabilities & Exposure Database) is a high-risk Insufficient verification of data authenticity security flaw. The vulnerability allows a remote attacker to compromise the target system. It exists due to insufficient verification of data authenticity. Therefore, a malicious remote attacker can send specially crafted data to the device, leading to the execution of malicious code through a lack of cryptographic signatures on critical data sets. As a result, a remote attacker can ultimately overwrite files and obtain sensitive information.
Vulnerable Software Versions
According to further research, the following software versions of the abovementioned medical devices may be compromised by a remote attacker if the software is not updated to the latest release; Within the United States and Canada:
Battery pack SP with WiFi: All software Versions 028U000061 and earlier, which have been installed in an Infusomat Space Infusion Pump or a Perfusor Space Infusion pump SpaceStation with SpaceCom 2: All software Versions 012U000061 and earlier
Outside the United States and Canada:
Battery Pack SP with Wi-Fi: All software Versions L81 and earlier that have been installed in a Perfusor Space, Infusomat Space, or Infusomat Space P pump SpaceStation with SpaceCom 2: All software Versions L81 and earlier Data module compactPlus: All software Versions A10 and A11 that have been installed in a Perfusor compactPlus, Infusomat compactPlus, or Infusomat P compactPlus pump
Important User Information
CISA (Cybersecurity & Infrastructure Security Agency) has stated that B. Braun has released updates that resolve the security issues affecting the above products. These updates should be administered immediately. For the United States and Canada regions, more information on how to acquire the updates can be found here. CISA has also provided extensive information regarding best practice and defensive measure recommendations for this issue in the main report.
