Vulnerabilities identified in PeerVue Web Server, Carestream Vue RIS and Siemens Healthcare Products
The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued five advisories in the past week regarding vulnerabilities discovered in equipment used by health care organizations in the United States.
Change Healthcare PeerVue Web Server
A vulnerability (CVE-2018-10624) has been identified in the Change Healthcare PeerVue web server that could allow an attacker to obtain information about the web server that could then be used to target it in a cyberattack. The vulnerability requires only a low skill level to exploit and can be exploited by an attacker on an adjacent network. The vulnerability exposes information via an error message.
The flaw was discovered by Zingbox security researcher Dan Regalado and was given a CVSS v3 Base Score of 4.3.
Change Healthcare took prompt action to address the vulnerability and a patch has now been released. Users should contact Change Healthcare if they are running PeerVue Web Server 7.6.2 or earlier for information on installing the patch.
Carestream Vue RIS
A remotely exploitable vulnerability (CVE-2018-17891) has been discovered in the CareStream Vue RIS web-based radiology system that, if exploited, would allow an attacker with network access to passively read traffic.
Carestream has confirmed that the vulnerability affects RIS client versions 11.2 and earlier, which run on Windows 8.1 machines with IIS/7.5.
The vulnerability would allow an attacker to access information through an HTTP 500 error message that is triggered when contacting a Carestream server when no Oracle TNS listener is available. The exposed information could be used to launch a more elaborate attack.
The vulnerability, which was also identified by Zingbox’s Dan Regalado, was given a CVSS v3 Base Score of 3.7.
Carestream has addressed the vulnerability in the current version of its software (v11.3). Users unable to upgrade immediately should disable “Show debug messages” and enable SSL for client/server communications.
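The PeerVue and Carestream issues above are both information exposure through error messages. The following check is an added example, not code from ICS-CERT or either vendor; it audits captured HTTP responses for that class of disclosure, for instance to confirm that debug messages are really off. The patterns, URLs and sample responses are constructed assumptions, since the advisories do not publish the leaked text.

```python
import re

# Constructed patterns: assumptions about what a verbose database/web error
# typically contains (Oracle error codes, TNS descriptors, .NET stack frames).
BODY_PATTERNS = {
    "oracle_error": re.compile(r"\bORA-\d{5}\b"),
    "tns_descriptor": re.compile(
        r"\((?:DESCRIPTION|ADDRESS)\s*=|\bHOST\s*=\s*[\w.-]+", re.I),
    "stack_trace": re.compile(r"^\s+at\s+[\w.<>]+\(.*\)", re.M),
}
HEADER_PATTERNS = {"server_version": ("server", re.compile(r"/\d+(?:\.\d+)+"))}


def audit_response(status, headers, body):
    """Return sorted labels for internal details a response discloses."""
    findings = set()
    lowered = {k.lower(): v for k, v in headers.items()}
    for label, (name, pattern) in HEADER_PATTERNS.items():
        if pattern.search(lowered.get(name, "")):
            findings.add(label)
    if status >= 500:  # error bodies are where debug output ends up
        for label, pattern in BODY_PATTERNS.items():
            if pattern.search(body):
                findings.add(label)
    return sorted(findings)


def failing_pages(responses):
    """Map each URL to its findings, keeping only responses that leak."""
    audited = {url: audit_response(*resp) for url, resp in responses.items()}
    return {url: found for url, found in audited.items() if found}


# Constructed sample responses: (status, headers, body)
SAMPLES = {
    "https://ris.example.test/login": (500, {"Server": "Microsoft-IIS/7.5"},
        "<h1>Server Error</h1>\nORA-12541: TNS:no listener\n"
        "   at System.Data.OracleClient.OracleConnection.Open()\n"
        "(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=db.example.test)(PORT=1521)))"),
    "https://ris.example.test/hardened": (500, {"Server": "Microsoft-IIS"},
        "<h1>An error occurred.</h1><p>Reference: 7f3a</p>"),
    "https://ris.example.test/home": (200, {"server": "Microsoft-IIS/7.5"},
        "<h1>Welcome</h1>"),
}
```

Running `failing_pages(SAMPLES)` reports the verbose 500 page and the version banner on the home page, while the generic error page with a reference ID passes.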
Siemens SCALANCE W1750D
Siemens has discovered a vulnerability (CVE-2018-13099) in version 22.214.171.124 and earlier versions of its SCALANCE W1750D WLAN access point that could allow an attacker to decrypt TLS traffic. ICS-CERT notes that there are already public exploits available for the vulnerability.
To exploit the vulnerability, the attacker would need network access to a vulnerable device. By observing the TLS traffic between a legitimate user and a device, it would be possible for the attacker to decrypt the TLS traffic.
The vulnerability was given a CVSS v3 Base Score of 5.9.
Siemens has fixed the defect with a firmware update and all users are urged to upgrade to v126.96.36.199 as soon as possible. Siemens recommends that administrators restrict access to the web interface of affected devices until the firmware upgrade is applied and only use devices in a protected computing environment.
Siemens ROX II
Siemens has discovered two improper privilege management vulnerabilities affecting all versions of its ROX II products prior to v2.12.1. The vulnerabilities can be exploited remotely and require only a low level of skill.
Siemens reports that an attacker with access to port 22/TCP and valid low-privilege user credentials for the device could exploit a vulnerability (CVE-2018-13801) to elevate privileges and gain root access to the device. The vulnerability was given a CVSS v3 Base Score of 8.8.
An authenticated person with access to a highly privileged user account through the SSH interface on port 22/TCP could bypass restrictions and execute arbitrary operating system commands. This vulnerability (CVE-2018-13802) has been assigned a CVSS v3 base score of 7.2.
Both vulnerabilities were fixed in software v2.12.1 and users were urged to update as soon as possible. In the meantime, network access to port 22/TCP should be limited, if possible.
Siemens SIMATIC S7-1200 CPU Family Version 4
A remotely exploitable vulnerability (CVE-2018-13800) has been identified in all versions prior to 4.2.3 of SIMATIC S7-1200 CPU Family Version 4.
The cross-site request forgery vulnerability could be exploited if a legitimate user who has been authenticated to the web interface is tricked into accessing a malicious link – via email for example. By exploiting the vulnerability, the attacker could read or modify parts of the device configuration.
The vulnerability, identified by Lisa Fournet and Marl Joos of P3 communications GmbH, was given a CVSS v3 base score of 7.5.
Siemens fixed the vulnerability with a new firmware version and urged all users to upgrade to v4.2.3 as soon as possible. Until the firmware upgrade has been applied, Siemens recommends that users do not visit other websites while authenticated to the controller.