Major Hospitals affected by PwnedPiper Vulnerabilities

THREAT LEVEL: White.

For a detailed advisory, download the pdf file here.

Multiple Zero-day vulnerabilities (PwnedPiper) have been found affecting the HMI-3 Control Panel of Swisslog Healthcare’s TransLogic Pneumatic Tube Systems (PTS). PTS is a specialized system that uses compressor to transport medical supplies (lab samples, medication, blood products, and other items) through tubes that connect various departments within big hospitals. using tubes that connect different departments inside large hospitals. The medical instrument  has been installed in over 3000 hospitals in North America putting all of them at risk. A version 7.2.5.7 of the Nexus Control Panel has been released to eliminate these vulnerabilities.

Vulnerability Details

References

https://www.darkreading.com/vulnerabilities—threats/multiple-zero-day-flaws-discovered-in-popular-hospital-pneumatic-tube-system/d/d-id/1341584

https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20,%20%20CVE-2021-37164%20%204%20more%20rows%20