Banner Mockup

Whitepaper: Microsegmentation in Healthcare

Check out the newest guidance for securing healthcare environments

Threat Intelligence: B. Braun Device Vulnerabilities

Two New ICS Medical Advisories Issued: ICSMA-20-296-01 and ICSMA-20-296-02
Cynerio
Oct 22, 2020
Threat Intelligence

Advisory Information

CISA released two ICS Medical Advisories (ICSMA-20-296-01 and ICSMA-20-296-02) on October 22, 2020. Both advisories concern B. Braun devices and have CVSS scores of v3 8.6 and 7.6, respectively. The vulnerabilities enable remote exploitation of these medical devices and could allow threat actors to escalate privileges, access ePHI, and upload malicious data packets, compromising the devices’ security.

Devices Affected

The following B. Braun Melsungen AG products are affected by these vulnerabilities:

  • OnlineSuite, versions AP 3.0 and older  
  • SpaceCom, firmware versions U61 and older within the US, and versions L81 and older internationally
  • Battery Pack SP with WiFi, firmware versions U61 and older within the US, and versions L81 and older internationally
  • Data module compactplus, firmware versions A10 and A11 (internationally)

What Is the Impact on Healthcare?

Since these vulnerabilities enable remote code execution, threat actors who gain access to these medical devices can disrupt the functionality of the devices and steal sensitive patient information. Bad actors can also leverage these vulnerabilities to move laterally across the clinical network and gain wide-scale access to the healthcare IT network, risking operational shutdown and jeopardizing patient safety. 

How Can Cynerio Help Mitigate the Threat?

  1. Cynerio identifies every B. Braun device affected within the healthcare ecosystem, and alerts the relevant team members
  2. Update device firmware to the latest version
  3. To ensure affected devices are not connected to the Internet, Cynerio automatically configures clinically-enriched north-south segmentation policies teams can confidently enforce
  4. Cynerio also automatically configures east-west segmentation policies to limit lateral movement between devices across the network
  5. After the appropriate mitigation measures have been taken, Cynerio will continuously monitor the network for suspicious activity

In support of CISA's National Cyber Awareness Month, Cynerio is offering healthcare facilities in North America  a free risk assessment until December 31, 2020.

Contact us today to get your free risk assessment.

Some Other Helpful Resources


read next

Threat Intel: Johnson Controls International (JCI) Hit by Ransomware Attack

Vicki Michaeli
Sep 29, 2023

Threat Intel: Log4j - Critical Zero Day Vulnerability

Cynerio
Dec 13, 2021
Go Back to Blog

Keep your finger on the pulse of Healthcare IoT security

Get Your Free Pass to HIMSS21

August 9 -13, Las Vegas

HOW? Easy! If you are a Healthcare IT Executive and you book a 30-minute call with us before July 30th, you get a free pass (valued at $1295)

Book a Call

*Please note that there is limited pass availability

Product
Healthcare Cybersecurity PlatformPatient Data SecurityNetwork Detection + ResponseComplete Asset VisibilityMedical Device SecurityCynerioLive
Resources
BlogThreat IntelligenceDatasheetsWhite PapersUse CasesVideosWebinars
Company
About UsLeadershipPress ReleasesCareersContact Us
Partners
ResellersDistributorsTechnology & Alliance PartnersMSSPReferral Partners
Follow us
Facebook
LinkedIn
X
© Copyrights Cynerio 2024
Privacy Policy