Device Details Discovered

GE Aestiva and Aespire Devices

CyberMDX discovered that GE Aestiva devices and certain models of the GE Aespire anesthesia machine may be subject to unauthorized network communications and commands resulting from a protocol reversion vulnerability.  Among other things, this vulnerability can be exploited to alter gas composition inputs...

October 29, 2018


BD AlarisTM Gateway Workstation (firmware vulnerability)

The CyberMDX Research team discovered that the BD AlarisTM Gateway Workstation's firmware is vulnerable to malicious exploitation whereby an upgrade can be executed without any predicate permissions and allow bad actors a route to "authenticate" malicious content...

October 28, 2018


BD AlarisTM Gateway Workstation (web management vulnerability)

The CyberMDX Research team discovered that the BD AlarisTM Gateway Workstation's web management system is vulnerable to malicious exploitation. Due to a lack of password protection, anyone knowing the IP address of a targeted workstation could...

October 28, 2018


BD AlarisTM TIVA Syringe Pump

The CyberMDX Research team discovered that if a malicious attacker can gain access to a hospital’s network and if the AlarisTM TIVA syringe pump is connected to a terminal server, the attacker can perform hacks without any prior knowledge of IP addresses or the pump's location...

May 8, 2018


Qualcomm Life Capsule Datacaptor Terminal Server

The CyberMDX Research team discovered that Qualcomm Life Capsule's Datacaptor Terminal Server is vulnerable to “misfortune cookie” — CVE-2014-9222, allowing remote arbitrary memory write...

May 8, 2018