During large-scale research projects for some of our hospital customers multiple medical devices were analyzed for vulnerabilities. We were able to determine several 0-day vulnerabilities which were not know until then. Today was the day the first of this series of issues got published and addressed by the vendor. In this case it was a serious vulnerability in an infusion pump by the vendor B. Braun. scip AG guided the vendor in addressing and patching this issue to prevent future exploitation and harm of patients. We would like to thank the US-American agencies – especially the ICS-CERT – which supported us in the coordinated disclosure of this advisory and the ongoing negotiation of the remaining issues.

Links

• https://ics-cert.us-cert.gov/advisories/ICSMA-17-082-02
• https://vuldb.com/?id.91694

Tags