PwnedPiper leaves PTS vulnerable to attacks
Cybersecurity researchers at Armis, the enterprise-class security platform, disclosed a collection of nine vulnerabilities, known as PwnedPiper, that leave the commonly used pneumatic tube system (PTS) exposed to attacks, with the threat of a complete takeover.
The Swisslog Healthcare Translogic PTS is designed to support hospitals and health systems with automated logistics and material transport. It is used in around 80% of hospitals in North America and about 3,000 hospitals worldwide.
According to Armis, the PwnedPiper vulnerabilities can allow an attacker to take over the Translogic Nexus Control Panel, the software that medical staff use to direct the flow of materials within the hospital. Armis further stated that the severity of such control should not be underestimated, as it can lead to critical ransomware attacks and give attackers the ability to leak information.
The details of the discovered nine vulnerabilities are:
- CVE-2021-37163 – Two vulnerabilities: hardcoded passwords for the user and root accounts, accessible through the Telnet server on the Nexus Control Panel
- CVE-2021-37167 – User script run by root can lead to privilege escalation
- CVE-2021-37161 – Underflow in udpRXThread; CVE-2021-37162 – Overflow in sccProcessMsg; CVE-2021-37165 – Overflow in hmiProcessMsg; CVE-2021-37164 – Off-by-three stack overflow in tcpTxThread: These are memory corruption bugs that can lead to remote-code-execution and denial-of-service.
- CVE-2021-37166 – GUI socket Denial Of Service: A denial-of-service vulnerability that allows attackers to take over and access GUI commands over the network.
- CVE-2021-37160 – Unauthenticated, unencrypted, unsigned firmware upgrade: This design flaw is severe, since it allows attackers to achieve unauthenticated remote code execution.
According to Swisslog, the extent of damage to the PTS depends on a bad actor having access to the network. To mitigate the risks, the company has developed software updates for all but one of the vulnerabilities and has designed specific strategies for users to combat the remaining vulnerability.
Existing customers of the Translogic PTS are advised to update to Nexus Control Panel version 22.214.171.124, which is the latest firmware. This will help mitigate the risks that could result from exploitation of the vulnerabilities.
Armis research experts highlight that systems in the hospital infrastructure also play a crucial role in the smooth functioning of healthcare facilities. Therefore, securing these should also be prioritized to ensure safe environments.