Summary: GE HealthCare is publishing security vulnerabilities that could affect the safety of certain patient monitoring products. These vulnerabilities were reported to GE HealthCare by CyberMDX.
Safety Disclosure: When connected to improperly configured Mission Critical (MC) and/or Information Exchange (IX) networks, certain versions of the CARESCAPE Telemetry Server, ApexPro Telemetry Server, CARESCAPE Central Station (CSCS) version 1 and Central Information Center (CIC) systems were identified to have vulnerabilities that, if exploited, could result in a loss of monitoring and/or loss of alarms during active patient monitoring. The vulnerabilities, and the related risk of exploitation, are greater when the above-mentioned networks are improperly configured.
Situation: Six (6) vulnerabilities have been identified which, if exploited, may allow an attacker to:
- Make changes at the operating system level of the device, with effects such as rendering the device unusable or otherwise interfering with its function; and/or
- Make certain changes to alarm settings on connected patient monitors; and/or
- Use the services used for remote viewing and control of multiple devices on the network to access the clinical user interface and change device settings and alarm limits, which could result in missed or unnecessary alarms or the silencing of some alarms.
Properly configured MC and IX networks greatly reduce, but do not eliminate, the ability to gain access to those networks. As a result, if the networks are properly isolated, the unauthorized person would need to gain physical access to each of the listed monitoring devices individually, or direct access to the isolated MC or IX networks on-site at the hospital, for this issue to occur.
In the instructions provided with the devices, GEHC requires that the MC and IX networks are properly configured and isolated from other hospital networks. If those instructions are not followed, a vulnerable situation can exist where an attacker could gain access to the MC and IX networks via the hospital network.
If an attacker gains access to the MC and IX network, the following could be exploited: an exposed private key, exposed services, and components with identified software vulnerabilities. In addition to the product impact disclosure above, such a successful exploit may result in potential access to a limited history of patient data (e.g. monitoring/parameter data). The scoring applied to these vulnerabilities represents a situation in which the implementation instructions are not followed, and the MC and IX networks are accessible from the hospital network. The score assigned is a CVSS v3.1 score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). In properly configured situations, an environmental score should be applied, which GE HealthCare suggests as follows, with a resulting CVSS v3.1 score of 8.2 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/CR:H/IR:H/AR:H/MAV:L/MAC:H). For more information on individual vulnerabilities and CVE identifiers, please see the DHS-CISA advisory here.
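As an added worked example (not GE HealthCare's or CISA's code), the following Python reproduces the two CVSS v3.1 scores quoted above from their vector strings using the equations of the CVSS v3.1 specification, showing how the MAV:L/MAC:H modifiers for a properly isolated network take the score from 10.0 to 8.2. Temporal metrics are assumed Not Defined, as in the advisory's vectors.

```python
import math
# CVSS v3.1 metric weights (specification section 7.4).
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
AC = {"L": 0.77, "H": 0.44}
PR = {"U": {"N": 0.85, "L": 0.62, "H": 0.27},  # scope unchanged
      "C": {"N": 0.85, "L": 0.68, "H": 0.5}}   # scope changed
UI = {"N": 0.85, "R": 0.62}
CIA = {"H": 0.56, "L": 0.22, "N": 0.0}
REQ = {"H": 1.5, "M": 1.0, "L": 0.5, "X": 1.0}  # CR / IR / AR security requirements

def roundup(x):
    """Roundup exactly as the v3.1 specification defines it (avoids float artefacts)."""
    i = round(x * 100000)
    return i / 100000.0 if i % 10000 == 0 else (math.floor(i / 10000) + 1) / 10.0

def parse(vector):  # 'CVSS:3.1/AV:N/AC:L/...' -> {'AV': 'N', 'AC': 'L', ...}
    return dict(p.split(":") for p in vector.split("/")[1:])

def _score(av, ac, pr, ui, s, c, i, a, env):
    """Shared base/environmental equation; env selects the modified S:C impact curve."""
    iss = 1 - (1 - c) * (1 - i) * (1 - a)
    iss = min(iss, 0.915) if env else iss
    if s == "U":
        impact = 6.42 * iss
    elif env:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss * 0.9731 - 0.02) ** 13
    else:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    if impact <= 0: return 0.0
    expl = 8.22 * AV[av] * AC[ac] * PR[s][pr] * UI[ui]
    return roundup(min((1.0 if s == "U" else 1.08) * (impact + expl), 10))

def base_score(vector):
    m = parse(vector)
    return _score(m["AV"], m["AC"], m["PR"], m["UI"], m["S"],
                  CIA[m["C"]], CIA[m["I"]], CIA[m["A"]], env=False)

def environmental_score(vector):
    """Modified metrics override base ones, CR/IR/AR weight impact; temporal metrics taken as Not Defined (1.0)."""
    m = parse(vector)
    def mod(k):  # an absent or 'X' modified metric falls back to the base metric
        v = m.get("M" + k, "X")
        return m[k] if v == "X" else v
    c, i, a = (CIA[mod(k)] * REQ[m.get(k + "R", "X")] for k in "CIA")
    return _score(mod("AV"), mod("AC"), mod("PR"), mod("UI"), mod("S"), c, i, a, env=True)

# Vectors quoted in the advisory: MC/IX reachable from the hospital network, and GE HealthCare's
# suggested environmental adjustment (local-only access, high complexity) for isolated networks.
EXPOSED = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"
ISOLATED = EXPOSED + "/CR:H/IR:H/AR:H/MAV:L/MAC:H"
```

Calling `base_score(EXPOSED)` returns 10.0 and `environmental_score(ISOLATED)` returns 8.2; note that only the attack vector and complexity modifiers change, which is why isolation reduces the score but does not remove the impact.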
Security recommendations: You can continue to use your devices. Confirm the proper configuration of the MC and IX networks to ensure the isolation and configuration meet the requirements listed in the Patient Monitoring Network Configuration Guide, the CARESCAPE Network Configuration Guide, and your product Technical and Service Manuals. A properly isolated network requires an attacker to gain physical access in order to carry out an exploit.
In addition to applying network management best practices, ensure:
- MC and IX Networks are isolated;
- MC and IX Router/Firewalls block incoming traffic, as applicable;
- Physical access to Central Stations, Telemetry Servers, and the MC and IX networks is restricted;
- Default passwords are changed as applicable; and
- Password management best practices are followed.