Summary
Vulnerabilities exploitable via remote access affect the Swisslog Healthcare Translogic PTS (pneumatic tube system), an Industrial Control System (ICS) that controls the pneumatic tubes and the information used to move items throughout the tube network.
What Happened?
Over 3,000 hospitals worldwide may be subject to a recently discovered group of vulnerabilities dubbed “PwnedPiper” by the researchers who found them at Armis, Inc. (Armis.com). The nine separate vulnerabilities affect the Swisslog Healthcare Translogic PTS (pneumatic tube systems), which are used to transport samples, medicine, and other medical items from point to point within a medical complex of buildings.
After Armis divulged the vulnerabilities to Swisslog on May 1, the two companies worked together to produce both customer-level security measures and patches for the software that controls the Translogic PTS. A patch, v7.2.5.7, was expected to be released on August 2nd and would resolve all but one of the vulnerabilities. The final vulnerability, an unsigned firmware upgrade issue, is to be resolved in a later release (Vigliarolo).
On August 3rd of this year, the Cybersecurity and Infrastructure Security Agency (CISA) released an ICS Medical Advisory with specific information about the vulnerabilities and some potential mitigations. The vulnerabilities covered by this single advisory include hard-coded passwords that cannot be changed without coding adjustments or version changes, default credentials that could allow root access, and remote code execution vulnerabilities. Connections between devices could also be hijacked.
Mitigations include software upgrades to the most recent versions, Layer 3 extended access control lists, intrusion detection systems, blocking certain Telnet ports, and others. However, one of the most valuable mitigations is simply to update your system applications/software to the most current version and to continue updating as newer versions become available. In this particular case, attempt to validate the update files prior to installation, because the lack of update file validation is itself one of the listed vulnerabilities. At this time, there is no recommendation from Swisslog as to how validation of update files might be accomplished (Cybersecurity and Infrastructure Security Agency).
Northstarr Recommendations
Our A.C.E.S. system, a multi-level defense-in-depth approach to cybersecurity, protects your organization and its assets at all points, including ICS/SCADA systems that might otherwise be overlooked. Protecting your data and reputation is our top priority, as it is yours. Sign up for our Free Assessment now, and let’s begin your path to a more secure future.
For more detailed information, please visit the following sites:
CISA: https://us-cert.cisa.gov/ics/advisories/icsma-21-215-01
TechRepublic: https://www.techrepublic.com/article/pwnedpiper-threatens-thousands-of-hospitals-worldwide-patch-your-systems-now/