Homeland Security issues advisory for 4 Siemens imaging systems

The Department of Homeland Security (DHS) and Siemens Healthineers issued an advisory warning that four of the company’s diagnostic imaging systems may be vulnerable to cyberattacks.

The August 3 release covers all Windows 7-based versions of Siemens PET/CT systems, SPECT/CT systems, SPECT systems and SPECT Workplaces/Symbia.net.

“Successful exploitation of these vulnerabilities may allow the attacker to remotely execute arbitrary code,” according to the advisory on DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) website. “Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage.”

Siemens mentions four possible methods of remotely hacking the systems:

Improper Control of Code Generation (1): An unauthenticated remote attacker could execute arbitrary code by sending specially crafted HTTP requests to the Microsoft web server (Port 80/TCP and Port 443/TCP) of affected devices.

Improper Control of Code Generation (2): An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service on Port 3465/TCP of affected devices.

Improper Restriction of Operations within the Bounds of a Memory Buffer: An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service of affected devices.

Permissions, Privileges and Access Controls: An unauthenticated remote attacker could execute arbitrary code by sending a specially crafted request to the HP Client automation service of affected devices.

Siemens is preparing updates for the vulnerable systems. The company suggests users run devices in a dedicated network segment and protected IT environment. If that is not possible, products should be disconnected from networks and reconnected only after the provided patch has been installed.
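One way to check that the recommended dedicated segment is actually enforced is to audit firewall or flow logs for allowed connections to the services named above (80/TCP, 443/TCP and 3465/TCP) that originate outside the segment. The script below is an added example, not code from Siemens or DHS; the addresses, the segment range and the CSV log layout are constructed assumptions.

```python
import csv
import io
import ipaddress

# Services and ports named in the advisory text above.
ADVISORY_PORTS = {80: "Microsoft web server", 443: "Microsoft web server",
                  3465: "HP Client automation service"}

# Assumptions for this example: the segment and host addresses are constructed.
IMAGING_SEGMENT = ipaddress.ip_network("10.20.30.0/28")
IMAGING_HOSTS = {ipaddress.ip_address("10.20.30.5"),
                 ipaddress.ip_address("10.20.30.6")}

# Constructed flow records in an assumed layout: src,dst,proto,dst_port,action
SAMPLE_FLOWS = """\
10.20.30.2,10.20.30.5,tcp,443,allow
10.50.1.17,10.20.30.5,tcp,3465,allow
10.50.1.17,10.20.30.6,tcp,80,deny
192.0.2.44,10.20.30.6,tcp,443,allow
10.50.1.17,10.20.30.5,tcp,104,allow
10.50.1.17,10.20.30.9,tcp,3465,allow
not-an-ip,10.20.30.5,tcp,80,allow
"""

def segmentation_violations(flow_csv):
    """Return (violations, rejected): allowed flows that reached an
    advisory-listed port on an imaging host from outside the dedicated
    segment, and rows that could not be parsed."""
    violations, rejected = [], []
    for row in csv.reader(io.StringIO(flow_csv)):
        try:
            src, dst = ipaddress.ip_address(row[0]), ipaddress.ip_address(row[1])
            proto, port, action = row[2].lower(), int(row[3]), row[4].lower()
        except (ValueError, IndexError):
            rejected.append(row)  # keep malformed rows visible, do not drop silently
            continue
        if (dst in IMAGING_HOSTS and proto == "tcp" and port in ADVISORY_PORTS
                and action == "allow" and src not in IMAGING_SEGMENT):
            violations.append((str(src), str(dst), port, ADVISORY_PORTS[port]))
    return violations, rejected

if __name__ == "__main__":
    found, bad = segmentation_violations(SAMPLE_FLOWS)
    for src, dst, port, service in found:
        print(f"VIOLATION {src} -> {dst}:{port} ({service})")
    print(f"{len(bad)} unparseable row(s) skipped")
```

Any violation means a firewall rule lets traffic from outside the segment reach an exposed service, so the device is not isolated in the way the advisory recommends.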