Siemens Molecular Imaging Windows 7 Issues

Thursday, August 3, 2017 @ 05:08 PM gHale


Siemens identified four vulnerabilities in Siemens’ Molecular Imaging products running on Windows 7 and the company is preparing updates for the affected products, according to a report with ICS-CERT.

Exploits that target these remotely exploitable vulnerabilities are known to be publicly available.

RELATED STORIES
Siemens Fixing Molecular Imaging XP Holes
Schneider Clears Pro-face GP-Pro EX Hole
Schneider Clears Trio TView Holes
Fix is in for Mitsubishi’s E-Designer

Siemens reports the vulnerabilities affect the following products:
• Siemens PET/CT Systems: All Windows 7-based versions
• Siemens SPECT/CT Systems: All Windows 7-based versions
• Siemens SPECT Systems: All Windows 7-based versions
• Siemens SPECT Workplaces/Symbia.net: All Windows 7-based versions

Successful exploitation of these vulnerabilities may allow the attacker to remotely execute arbitrary code.

The affected products, select molecular imaging products, see use in medical imaging. Molecular imaging products see action in the healthcare and public health sectors on a global basis.

In one vulnerability, an unauthenticated remote attacker could execute arbitrary code by sending specially crafted HTTP requests to the Microsoft web server (Port 80/TCP and Port 443/TCP) of affected devices.

CVE-2015-1635 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

In another vulnerability, an unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service on Port 3465/TCP of affected devices.

CVE-2015-1497 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

In addition, an unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service of affected devices.

CVE-2015-7860 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

Also, an unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service of affected devices.

CVE-2015-7861 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 9.8.

An attacker with a low skill would be able to exploit these vulnerabilities.

Siemens is preparing updates for the affected products and recommends protecting network access to the molecular imaging products with appropriate mechanisms. It is advised to run the devices in a dedicated network segment and protected IT environment. If this is not possible,

Siemens recommends the following:
• If patient safety and treatment is not at risk, disconnect the product from the network and use in standalone mode.
• Reconnect the product only after the provided patch or remediation is installed on the system. Siemens can patch systems capable of Remote Update Handling (RUH) much faster by remote software distribution compared to onsite visits. Therefore, users of RUH-capable equipment are recommended to clarify the situation concerning patch availability and remaining risk in the local customer network with the Siemens Customer Care Center first and then to reconnect the systems in order to receive patches as quickly as possible via RUH. This ensures smooth and fast receipt of updates and therefore supports reestablishment of system operations.

In addition, Siemens recommends:
• Ensure users have appropriate backups and system restoration procedures.
• For specific patch and remediation guidance information contact a local Siemens customer service engineer or a Siemens regional support center.

For more information on these vulnerabilities and more detailed mitigation instructions, click on Siemens Security Advisory SSA-814457.



Leave a Reply

You must be logged in to post a comment.