Siemens, DHS warn of “low skill” exploits against CT and PET Scanners
“The Department of Homeland Security’s Industrial Control System Computer Emergency Response Team (ICS-CERT) has issued an alert warning of four vulnerabilities in multiple medical molecular imaging systems from Siemens. All of these systems have publicly available exploits that could allow an attacker to execute code remotely—potentially damaging or compromising the safety of the systems. ‘An attacker with a low skill would be able to exploit these vulnerabilities,’ ICS-CERT warned.
Siemens identified the vulnerabilities in a customer alert on July 26, warning that the vulnerabilities were highly critical—giving them a rating of 9.8 out of a possible 10 using the Common Vulnerability Scoring System. The systems affected include Siemens CT, PET, and SPECT scanners and medical imaging workflow systems based on Windows 7.”