Forescout’s Vedere Labs and CyberMDX discovered seven supply chain vulnerabilities, including three rated critical by CISA, impacting medical and IoT devices that present an immediate risk to healthcare organizations, as well as the financial services and manufacturing sector.
Access:7 could enable hackers to remotely execute malicious code, access sensitive data or alter configuration on medical and IoT devices running PTC’s Axeda remote code and management agent. This disclosure illustrates the problems with supply chain components that Forescout identified in Project Memoria, but this time in a remote management solution.
including 3 critical
Over 150 device models from more than 100 device manufacturers are potentially affected by Access:7. Over half of the affected device vendors belong to the healthcare industry (55%), followed by almost a quarter (24%) that develop IoT solutions. The vulnerabilities were found most often in medical imaging (36%) and laboratory (31%) machines.
Learn what happens when vulnerabilities in remote access and management agents designed to expedite service on medical and IoT devices are exploited by hackers. This report discloses vulnerabilities in PTC’s Axeda agent, the main findings, common attack scenarios, impact on healthcare and other industries, and mitigation recommendations for device manufacturers and network operators.
Mitigations for device manufacturers include updating the Axeda agents, blocking numerous TCP ports and using a secure configuration. Network operators using affected devices should ensure that manufacturers are applying mitigations on their devices.
Complete protection against Access:7 requires patching devices running the vulnerable versions of the Axeda components. PTC has released its official patches and device manufacturers using this software should provide their own updates to customers.
In the technical report, we discuss mitigation strategies for device manufacturers. For network operators, we recommend the following:
More details about the vulnerabilities and their exploitation are available in our technical report.
Forescout automatically detects medical and IoT assets within your network and organizes them in a detailed inventory listing. This inventory listing will help you recognize whether you have devices affected by Access:7 and where they are located within your network. We then take the assets identified to Access:7 and provide recommended actions that can be taken to remediate the potential risk.
Additionally, the solution will discover any active exploitation attempts against the vulnerabilities in Access:7 and forward actionable alerts to your SIEM for analysis and mitigation of the threat. You can set up rules to track the number of devices affected by this vulnerability and you can monitor the progress of the remediation.
CyberMDX’s research and analyst team regularly works with medical device organizations in the responsible disclosure of security vulnerabilities. The comprehensive threat intelligence analyst team tirelessly works to help protect hospitals and healthcare organizations from malicious attacks on connected medical devices.
The team’s researchers, white hackers and engineers collect information about potential and existing threats to understand attacker motivations, intentions, and methodology and deliver the best protection against attacks and malware.
Forescout Technologies, Inc. actively defends the Enterprise of Things by identifying, segmenting and enforcing compliance of every connected thing. Fortune 1000 companies trust Forescout as it provides one of the most widely deployed, enterprise-class platforms at scale across IT, IoT and OT managed and unmanaged devices. Forescout arms customers with extensive device intelligence, data and policies to allow organizations across every industry to accurately classify risk, detect anomalies and quickly remediate cyberthreats without disruption of critical business assets. Don’t just see it. Secure it.
The Enterprise of Things – Secured.