Siemens CT scanners open to remote compromise via publicly available exploits

Siemens has finally provided patches for a number of Microsoft Windows SMBv1 vulnerabilities that affect some of the medical devices sold under the Siemens Healthineers brand.

Siemens CT scanners compromise

Some fixes are available

After WannaCry hit systems around the world in May, the company acknowledged that some of its customers may be facing impacts from the cyber-attack, as some of Siemens Healthineers’ products “may be affected by the Microsoft vulnerability being exploited by the WannaCry ransomware.”

Fixes have now been provided for a variety of laboratory diagnostics products, as well as radiography, mobile X-ray and mammography systems.

Siemens is still working on a few updates

But the company is yet to release patches for four easily and remotely exploitable flaws affecting select Siemens Healthineers molecular imaging products (PET, SPECT and CT scanners), exploits for which are, according to ICS CERT, publicly available.

The vulnerabilities are:

  • A code injection flaw affecting the Microsoft web server of affected devices (CVE-2015-1635)
  • A code injection, a buffer overflow, and a privilege escalation flaw affecting the HP Client automation service of affected devices (CVE-2015-1497, CVE-2015-7860, and CVE-2015-7861, respectively).

All of these vulnerabilities could be exploited by unauthenticated attackers to achieve remote code execution on vulnerable devices. And, as one can see from the CVE numbers assigned to them, they all date back to 2015.

Siemens has published an advisory last week acknowledging the vulnerabilities, and has said that they are working on updates for affected products.

Until those updates are ready and made available, Siemens is advising administrators of those devices to disconnect the product from the network and use in standalone mode.

Don't miss