CISA Sounds Alarm on ICS Security: Baxter and Mitsubishi Products Affected

Cybersecurity Alerts: Vulnerabilities in Healthcare and Industrial Control Systems

This week, the US Cybersecurity and Infrastructure Security Agency (CISA) issued warnings about critical vulnerabilities affecting industrial control systems (ICS) widely used in the healthcare and manufacturing sectors. These vulnerabilities are likely to draw the attention of cybercriminals, so they warrant immediate attention and mitigation.


Baxter Connex Health Portal Vulnerabilities

CISA's advisory highlighted two serious vulnerabilities in Baxter's Connex Health Portal (formerly Hillrom and Welch Allyn). These vulnerabilities, both remotely exploitable with low attack complexity, pose significant risks:

  1. CVE-2024-6795: This SQL injection vulnerability carries the maximum CVSS severity rating of 10.0. It allows unauthenticated attackers to execute arbitrary SQL queries on affected systems, potentially letting them access, modify, or delete sensitive data and perform administrative actions, including shutting down the database.

  2. CVE-2024-6796: This issue involves improper access control, with a CVSS severity rating of 8.2. It enables attackers to potentially access and manipulate sensitive patient and clinician information. Like CVE-2024-6795, this vulnerability is remotely exploitable and does not require special privileges.

Baxter has issued updates to address these vulnerabilities. CISA recommends that organizations minimize network exposure for all control system devices and ensure they are not accessible from the Internet. Implementing firewalls and using secure remote access methods like VPNs are also advised.

While there have been no reported exploitations of these vulnerabilities so far, the healthcare sector remains a prime target for cybercriminals. Recent incidents, such as the ransomware attack on Change Healthcare and the breach at Lurie Children’s Hospital, underscore the sector's vulnerability. These attacks have resulted in significant disruptions and compromised sensitive patient information, highlighting the critical need for robust cybersecurity measures.

Mitsubishi MELSEC Programmable Controllers Vulnerabilities

CISA's advisory also addresses vulnerabilities in Mitsubishi Electric’s MELSEC programmable controllers, used in industrial automation and control. The advisory covers two key issues:

  1. CVE-2020-5652: This denial-of-service (DoS) vulnerability was first disclosed in 2020 and has seen multiple updates as new issues emerged. The latest advisory expands the list of affected products and provides updated mitigation strategies.

  2. CVE-2022-33324: Also a DoS vulnerability, this issue results from improper resource shutdown or release. First disclosed in December 2022, this vulnerability has seen continuous updates, with the latest advisory including new affected products and mitigation advice.

ICS vulnerabilities in the manufacturing sector are particularly concerning. A report by Armis revealed a 165% increase in attacks on manufacturing companies in 2023, making it the second-most targeted sector after utilities. More than 75% of manufacturing companies have unpatched high-severity vulnerabilities, underscoring the urgent need for improved security measures.

Conclusion

The recent advisories from CISA highlight critical vulnerabilities in both healthcare and industrial control systems. With these sectors being prime targets for cyberattacks, it is essential for organizations to apply the latest security updates and adopt best practices for securing their systems. Prompt action can help mitigate risks and protect sensitive data from malicious actors.
