Hospital medical equipment contains potentially lethal vulnerability
Security researchers at CyberMDX have uncovered a highly dangerous vulnerability in the Alaris Gateway Workstation produced by BD. The vulnerable device is used in hospitals to “provide mounting, power, and communication support to infusion pumps,” which are used for “a wide range of therapies including fluid therapy, blood transfusions, chemotherapy, dialysis, and anesthesia.”
The critical flaw, tracked as CVE-2019-10962, enables threat actors to take control of Alaris Gateway Workstations and tamper with infusion rates of mounted infusion pumps, which can have life-threatening consequences under certain conditions. The attack can be launched remotely, as long as the hacker has access to the hospital network.
The researchers also found another, less dangerous flaw in the Alaris Gateway Workstation that could provide attackers with unauthorized access to sensitive data about workstations, including event logs and configuration information.