doted-bg-grey.svg

 

 

CyberMDX’s research and analyst team regularly works with medical device organizations in the responsible disclosure of security vulnerabilities. The threat intelligence team works tirelessly to help protect hospitals and healthcare organizations from malicious attacks.
The team’s researchers, white hat hackers, and engineers collect information about possible attack paths to understand attacker motives, means, and methods in an effort to deliver the best protection possible.

 

Device Details Discovered

GE Aestiva and Aespire Devices

CyberMDX discovered that GE Aestiva devices and certain models of the GE Aespire anesthesia machine may be subject to unauthorized network communications and commands resulting from a protocol reversion vulnerability.  Among other things, this vulnerability can be exploited to alter gas composition inputs...

October 29, 2018

 

BD AlarisTM Gateway Workstation (firmware vulnerability)

The CyberMDX Research team discovered that the BD AlarisTM Gateway Workstation's firmware is vulnerable to malicious exploitation whereby an upgrade can be executed without any predicate permissions and allow bad actors a route to "authenticate" malicious content...

October 28, 2018

 

BD AlarisTM Gateway Workstation (web management vulnerability)

The CyberMDX Research team discovered that the BD AlarisTM Gateway Workstation's web management system is vulnerable to malicious exploitation. Due to a lack of password protection, anyone knowing the IP address of a targeted workstation could...

October 28, 2018

 

BD AlarisTM TIVA Syringe Pump

The CyberMDX Research team discovered that if a malicious attacker can gain access to a hospital’s network and if the AlarisTM TIVA syringe pump is connected to a terminal server, the attacker can perform hacks without any prior knowledge of IP addresses or the pump's location...

May 8, 2018

 

Qualcomm Life Capsule Datacaptor Terminal Server

The CyberMDX Research team discovered that Qualcomm Life Capsule's Datacaptor Terminal Server is vulnerable to “misfortune cookie” — CVE-2014-9222, allowing remote arbitrary memory write...

May 8, 2018