Pneumatic tube systems (PTS) used in thousands of hospitals worldwide are vulnerable to a total of nine critical security issues collectively referred to as PwnedPiper.
PTS solutions are part of a hospital's critical infrastructure as they are used to quickly deliver items such as blood, tissue, laboratory samples or medicines where needed.
See also: Google launches new bug bounty platform
The defects are found in some of SwissLog's TransLogic Pneumatic Tube systems, an automated material transfer solution for transporting medical supplies to longer distances in medium to large hospitals.
According to the manufacturer, TransLogic PTS is present in more than 2.300 hospitals in North America and more than 3.000 units worldwide benefit from 24-hour customer support.
The critical bug has not been fixed
The Armis investigation revealed that an uncertified intruder could gain full control over certain Internet-connected TransLogic PTS stations and then take over a hospital's entire PTS network.
In particular, the company discovered nine critical vulnerabilities (PwnedPiper) in the firmware that powers the Nexus Control Panel to manage "all current Translogic PTS station models".
While not all issues could be exploited by a remote attacker, the level seriousness remains high given the role of PTS in a hospital.
The company notes in an advisory this weekend that affected PTS products "are mainly grown in hospitals in North America."
Η Jennie McQuade, Chief Privacy Officer for Swisslog Healthcare, says security issues are not present unless a combination of conditions is created.
Armis reported vulnerabilities on May 1 and partnered with Swisslog to develop and test a viable patch (v18.104.22.168), as well as find mitigation steps for hospitals that cannot implement the patch immediately.
The current firmware update, however, addresses all but one vulnerability, CVE-2021-37160, which is the most serious of all. Swisslog will fix it in a future firmware release.
Source of information: bleepingcomputer.com