Syringe infusion pumps can be fiddled with by remote attackers

A syringe infusion pump used in acute care settings sports eight vulnerabilities, some of which could be exploited by remote attackers to impact the intended operation of the device, ICS-CERT warns.

The product in question is the Medfusion 4000 Wireless Syringe Infusion Pump, manufactured by US-based Smiths Medical, and it is used worldwide for accurate medication delivery in critical care, including neonatal and pediatric intensive care, and the operating room.

Syringe infusion pump vulnerabilities

The vulnerabilities, identified by independent researcher Scott Gayou, include buffer overflows, hard-coded credentials and passwords, improper certificate validation, passwords stored in the configuration field, and improper access control.

“Successful exploitation of these vulnerabilities may allow a remote attacker to gain unauthorized access and impact the intended operation of the pump. Despite the segmented design, it may be possible for an attacker to compromise the communications module and the therapeutic module of the pump,” ICS-CERT noted.

The good news is there are currently no known public exploits specifically targeting the flaws. Also, that only high skill attackers would be able to exploit them.

Remediation

Vulnerable versions of the pump are v1.1, v1.5, and 1.6, and Smiths Medical is planning to release a new product version to address them in January, 2018.

In the meantime, healthcare organizations should evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage, and implement one or several mitigation actions to minimize exploitation risk.

The most extreme actions include disconnecting the pump from the Internet and even from the network until the product fix can be applied, as disconnecting it from the network does not impact its clinical functionality.

More details and mitigation steps are included in ICS-CERT’s advisory.