Vulnerability in CPAP Machine

Tuesday, August 15, 2017 @ 05:08 PM gHale


There is an improper input validation vulnerability in BMC Medical’s and 3B Medical’s Luna continuous positive airway pressure (CPAP) therapy machine, according to a report with ICS-CERT.

For devices released after July 1, this vulnerability has been addressed. However, for devices released prior to July 1, BMC Medical and 3B Medical offer no mitigations.


All Luna CPAP Machine devices released prior to July 1 are affected by the issue.

Successful exploitation of this vulnerability could allow an attacker to cause a crash of the device’s Wi-Fi module resulting in a denial-of-service condition affecting the Wi-Fi module chipset. This does not affect the device’s ability to deliver therapy.

The operation of the Luna CPAP can be broken into therapeutic and communication functions.

BMC Medical, based in China, manufactures the device and firmware chipset used in delivery of therapy. 3B Medical, based in the United States, manages the Wi-Fi module chipset used in communication.

The affected product, the Luna CPAP Machine, is a continuous positive airway pressure therapy machine. It is deployed worldwide across the healthcare and public health sectors.

An improper input validation vulnerability has been identified, which may allow an authenticated attacker to crash the CPAP’s Wi-Fi module resulting in a denial-of-service condition.

Note the vulnerability affects only the Wi-Fi module; the device can continue delivering therapy even after the Wi-Fi module has crashed.

CVE-2017-12701 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 4.6.

This vulnerability is exploitable via adjacent network access. No known public exploits specifically target this vulnerability. However, an attacker with a low skill level would be able to exploit it.


