PwnedPiper vulnerabilities threaten thousands of hospitals in North America
Pneumatic tube systems used in thousands of hospitals around the world contain 9 critical vulnerabilities. The stations are part of the hospital’s critical infrastructure as they are used to quickly deliver such tests, blood, tissue, laboratory samples or drugs.
The problems, collectively known as PwnedPiper, are found in some of SwissLog’s TransLogic automated pneumatic tubing systems. According to the manufacturer, TransLogic PTS is used in more than 2,300 hospitals in North America, and more than 3,000 departments around the world.
According to experts from the information security company Armis, an unauthorized attacker can take full control over some TransLogic PTS stations connected to the Internet, and then take over the entire PTS network of the hospital. Experts have identified nine critical vulnerabilities in the firmware of the Nexus control panel to control “all current models of Translogic PTS stations.” Although not all problems can be exploited remotely, their level of severity remains.
The manufacturer Swisslog said the problems are affecting the HMI-3 circuit board in Nexus panels connected to the internet. The vulnerable PTS products “are used primarily in North American hospitals,” the company noted.
“The potential for hacking stations with pneumatic pipes depends on an attacker who has access to the facility’s information technology network and can cause additional damage by exploiting these vulnerabilities,” the manufacturer explained.
The researchers reported their findings to Swisslog on May 1 of this year, and the company has released fixes for these issues in software version 22.214.171.124. However, the firmware update fixed all but one vulnerability (CVE-2021-37160).
Catch up on more articles here
Follow us on Twitter here