topic Vulnerabilities in GE HealthCare Anesthesia Machines in Tech Talk https://community.isc2.org/t5/Tech-Talk/Vulnerabilities-in-GE-HealthCare-Anesthesia-Machines/m-p/24978#M1490 <P>A research team discovered a <A href="https://www.cybermdx.com/vulnerability-research-disclosures/ge-aestiva-and-ge-aespire" target="_blank" rel="noopener"><STRONG>vulnerability</STRONG></A>&nbsp;(pertains to&nbsp;<A href="https://cwe.mitre.org/data/definitions/287.html" target="_blank" rel="noopener">CWE-287</A>) related to the GE Healthcare Aestiva and Aespire devices (models 7100 and 7900). If an attacker gains access to a <STRONG>hospital’s network</STRONG> and if the devices are connected via terminal servers, the attacker can force the device to revert to an earlier, less secure version of the communication protocol and remotely modify parameters without authorization.&nbsp;</P><P>&nbsp;</P><P>When deployed using terminal servers, these manipulations can also be performed without any prior knowledge of IP addresses or location of the anesthesia machine. The attack could lead to:</P><P>&nbsp;</P><UL><LI>Unauthorized gas composition input - altering the concentration of inspired/expired oxygen, CO2, N2O, and anesthetic agents.</LI><LI>Manipulation of barometric pressure settings and anesthetic agent type selection.</LI><LI>Remote silencing of alarms.</LI><LI>Alteration of date and time settings.</LI></UL><P>Here is a link to the <A href="https://www.us-cert.gov/ics/advisories/icsma-19-190-01" target="_blank" rel="noopener">US-CERT advisory.</A></P> Mon, 09 Oct 2023 09:15:45 GMT AppDefects 2023-10-09T09:15:45Z Vulnerabilities in GE HealthCare Anesthesia Machines https://community.isc2.org/t5/Tech-Talk/Vulnerabilities-in-GE-HealthCare-Anesthesia-Machines/m-p/24978#M1490 <P>A research team discovered a <A href="https://www.cybermdx.com/vulnerability-research-disclosures/ge-aestiva-and-ge-aespire" target="_blank" rel="noopener"><STRONG>vulnerability</STRONG></A>&nbsp;(pertains to&nbsp;<A href="https://cwe.mitre.org/data/definitions/287.html" target="_blank" rel="noopener">CWE-287</A>) related to the GE Healthcare Aestiva and Aespire devices (models 7100 and 7900). If an attacker gains access to a <STRONG>hospital’s network</STRONG> and if the devices are connected via terminal servers, the attacker can force the device to revert to an earlier, less secure version of the communication protocol and remotely modify parameters without authorization.&nbsp;</P><P>&nbsp;</P><P>When deployed using terminal servers, these manipulations can also be performed without any prior knowledge of IP addresses or location of the anesthesia machine. The attack could lead to:</P><P>&nbsp;</P><UL><LI>Unauthorized gas composition input - altering the concentration of inspired/expired oxygen, CO2, N2O, and anesthetic agents.</LI><LI>Manipulation of barometric pressure settings and anesthetic agent type selection.</LI><LI>Remote silencing of alarms.</LI><LI>Alteration of date and time settings.</LI></UL><P>Here is a link to the <A href="https://www.us-cert.gov/ics/advisories/icsma-19-190-01" target="_blank" rel="noopener">US-CERT advisory.</A></P> Mon, 09 Oct 2023 09:15:45 GMT https://community.isc2.org/t5/Tech-Talk/Vulnerabilities-in-GE-HealthCare-Anesthesia-Machines/m-p/24978#M1490 AppDefects 2023-10-09T09:15:45Z