Researchers found Vulnerabilities within Healthcare Institutions that expose them to Cyberthreats

December 3, 2021

Healthcare institutions have millions of connected devices exposed to critical vulnerabilities. These vulnerabilities allow threat actors to disrupt medical tools and patient monitors, including the Internet of Things (IoT) devices that have control over systems and equipment inside health facilities like ventilation systems. 

The affected TCP/IP stack is also used in industries beyond healthcare, such as the automotive and industrial sectors. Cybersecurity researchers have detailed 13 new vulnerabilities in the Nucleus NET TCP/IP stack, collectively dubbed Nucleus:13. 

Any device built on the Nucleus TCP/IP stack may be affected by these vulnerabilities. They could give threat actors a way to perform remote code execution, DDoS attacks, and data breaches. Nonetheless, experts are unsure whether threat actors have already exploited the vulnerabilities. 

The Nucleus TCP/IP stack was first published in 1993 and is now owned by Siemens. Siemens focuses on infrastructure and energy solutions, industrial automation and software, and is a leader in medical diagnostics. The stack is still used today in safety-critical devices, especially within healthcare institutions, where it is found in patient monitors, anaesthesia machines, automation systems, and more. 

Patient care and the machines within healthcare institutions are greatly exposed to these vulnerabilities, including the most important systems inside their establishments. 

One of the critical vulnerabilities detailed by the security researchers is CVE-2021-31886, which carries a Common Vulnerability Scoring System (CVSS) score of 10 out of 10. It is a vulnerability in the stack's File Transfer Protocol (FTP) server, which does not properly validate the length of the USER command, resulting in a stack-based buffer overflow. Threat actors could abuse this vulnerability to perform DDoS attacks and remote code execution. 

The second vulnerability, CVE-2021-31887, has a CVSS score of 9.9: the FTP server does not properly validate the length of the PWD or XPWD commands. Lastly, CVE-2021-31888 arises because the FTP server does not properly validate the length of the MKD or XMKD commands. Like the first vulnerability, these two can cause stack-based buffer overflows that threat actors could use for DDoS attacks or remote code execution. 
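The three FTP findings above share one weakness class: a command argument copied into a fixed-size stack buffer without first checking its length. The following is an added illustration written for this article, not code from Nucleus NET, Siemens, or the researchers; the buffer size `PATH_BUF_LEN`, the function names and the 200-byte sample command are all constructed assumptions. It places the unchecked copy next to the checked version that a defender would expect, where an over-long MKD/XMKD argument is rejected with an error before any copy happens.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

#define PATH_BUF_LEN 64   /* hypothetical size of the fixed stack buffer */

enum ftp_rc { FTP_OK = 0, FTP_ERR_SYNTAX = -1, FTP_ERR_TOO_LONG = -2 };

/* Return a pointer to the argument following "MKD " or "XMKD "
 * (FTP verbs are case-insensitive), or NULL for any other command. */
static const char *mkd_argument(const char *line) {
    if (strncasecmp(line, "XMKD ", 5) == 0) return line + 5;
    if (strncasecmp(line, "MKD ", 4) == 0)  return line + 4;
    return NULL;
}

/* Unchecked shape (the weakness class the advisory describes): the argument is
 * copied with strcpy, so a PATH_BUF_LEN-byte destination is overrun whenever the
 * client sends a longer path. Returns the number of bytes written so a caller can
 * see the overrun; the demo below hands it an oversized buffer to keep this safe. */
size_t mkd_copy_unchecked(const char *line, char *dst) {
    const char *arg = mkd_argument(line);
    if (!arg) return 0;
    strcpy(dst, arg);            /* no bound on strlen(arg) */
    return strlen(arg) + 1;
}

/* Checked shape: measure the argument (up to the CRLF terminator) and refuse the
 * command if it would not fit, so the stack buffer is never overrun. */
int mkd_copy_checked(const char *line, char *dst, size_t dst_len) {
    const char *arg = mkd_argument(line);
    if (!arg) return FTP_ERR_SYNTAX;
    size_t n = strcspn(arg, "\r\n");          /* argument length without CRLF */
    if (n >= dst_len) return FTP_ERR_TOO_LONG; /* reply with an error instead */
    memcpy(dst, arg, n);
    dst[n] = '\0';
    return FTP_OK;
}

/* Constructed sample: an MKD command whose path is 200 bytes long.
 * Returns 1 if the unchecked copy exceeds PATH_BUF_LEN and the checked copy
 * rejects the same command, 0 otherwise. */
int demo_overlong_argument(void) {
    char line[256];
    char scratch[512];                        /* oversized so the demo itself is safe */
    char path[PATH_BUF_LEN];
    memcpy(line, "MKD ", 4);
    memset(line + 4, 'A', 200);
    memcpy(line + 204, "\r\n", 3);            /* copies the NUL terminator too */
    size_t written = mkd_copy_unchecked(line, scratch);
    int rc = mkd_copy_checked(line, path, sizeof path);
    return written > PATH_BUF_LEN && rc == FTP_ERR_TOO_LONG;
}

/* Constructed sample: a normal command fits and is copied intact. */
int demo_normal_argument(char *out, size_t out_len) {
    return mkd_copy_checked("XMKD incoming\r\n", out, out_len);
}

int main(void) {
    char path[PATH_BUF_LEN];
    printf("overlong path: unchecked overruns, checked rejects -> %d\n",
           demo_overlong_argument());
    printf("normal path: rc=%d path=%s\n",
           demo_normal_argument(path, sizeof path), path);
    return 0;
}
```

The defensive point is the placement of the length check: it happens before the copy and against the real destination size, and an over-long argument becomes an ordinary FTP error reply rather than a memory-safety fault.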

Experts note that although threat actors would need to go through a series of extensive steps to fully exploit the vulnerabilities, the potential for attacks will exist as long as the vulnerabilities do. 

A spokesperson from Siemens told the researchers that the security patches the company has released mitigate the threats posed by the vulnerabilities. Furthermore, it is recommended that networks be segmented so that the exposure of vulnerable software or devices is limited even where they have not been patched. 