04 AUG

Siemens, DHS warn of “low skill” exploits against CT and PET Scanners

The Department of Homeland Security’s Industrial Control System Computer Emergency Response Team (ICS-CERT) has issued an alert warning of four vulnerabilities in multiple medical molecular imaging systems from Siemens. All of these systems have publicly available exploits that could allow an attacker to execute code remotely—potentially damaging or compromising the safety of the systems. “An attacker with a low skill would be able to exploit these vulnerabilities,” ICS-CERT warned.

Siemens identified the vulnerabilities in a customer alert on July 26, warning that the vulnerabilities were highly critical—giving them a rating of 9.8 out of a possible 10 using the Common Vulnerability Scoring System. The systems affected include Siemens CT, PET, and SPECT scanners and medical imaging workflow systems based on Windows 7.

One of the vulnerabilities is in the built-in Window Web server running on the systems. “An unauthenticated remote attacker could execute arbitrary code by sending specially crafted HTTP requests to the Microsoft Web server (port 80/tcp and port 443/tcp) of affected devices,” Siemens warned in its alert. The bug in the Web server software allows code injection onto the devices.

Read 4 remaining paragraphs | Comments

Ars Technica

Post Author: martin

Martin is an enthusiastic programmer, a webdeveloper and a young entrepreneur. He is intereted into computers for a long time. In the age of 10 he has programmed his first website and since then he has been working on web technologies until now. He is the Founder and Editor-in-Chief of BriefNews.eu and PCHealthBoost.info Online Magazines. His colleagues appreciate him as a passionate workhorse, a fan of new technologies, an eternal optimist and a dreamer, but especially the soul of the team for whom he can do anything in the world.