May 28, 2019

Wormable Windows Flaw Affected Siemens Medical Products

A recently patched Windows vulnerability, tracked as CVE-2019-0708 and known as BlueKeep, affects a number of products from Siemens Healthineers, a company specializing in medical technology.

The flaw, which impacts Windows Remote Desktop Services (RDS), was fixed by Microsoft with its May 2019 Patch Tuesday releases. It is described as wormable: malware could use it to propagate in the same way that the notorious WannaCry ransomware used the EternalBlue exploit in 2017.

It allows an unauthenticated attacker to use the Remote Desktop Protocol (RDP) to execute code on and take control of a device without any user interaction.

Microsoft has released patches for Windows 7, Server 2008, XP and Server 2003. On Windows 7 and Server 2008, enabling Network Level Authentication (NLA) blocks unauthenticated attacks. Blocking TCP port 3389 at the perimeter firewall can also mitigate the threat.
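As an added example (not from the article, Siemens or Microsoft), the following PowerShell script audits a Windows host for the two mitigations just described, NLA enforcement and exposure of TCP port 3389, and can optionally apply them. The `-Enforce` switch and the firewall rule name are my own assumptions, and the script is assumed to run as Administrator on Windows 7 / Server 2008 R2 or later.

```powershell
# Added audit/hardening script (not from the article or from Siemens/Microsoft).
# Assumes it runs as Administrator on Windows 7 / Server 2008 R2 or later.
# -Enforce is a hypothetical switch: without it the script only reports.
param([switch]$Enforce)

$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

# 1. Is Remote Desktop reachable at all? fDenyTSConnections = 1 means it is disabled.
$denyTS = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
# 2. Is Network Level Authentication required? UserAuthentication = 1 means NLA is on,
#    so an unauthenticated client never reaches the vulnerable pre-authentication code path.
$nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

$rdpEnabled = ($denyTS -ne 1)
Write-Output ("Remote Desktop enabled : {0}" -f $rdpEnabled)
Write-Output ("NLA required           : {0}" -f ($nla -eq 1))

if ($rdpEnabled -and $nla -ne 1) {
    Write-Warning 'RDP is listening without NLA: exposed to unauthenticated CVE-2019-0708 attempts.'
}

if ($Enforce) {
    # Require NLA through the Terminal Services WMI provider (the same setting the
    # System Properties dialog writes); fall back to the registry value if absent.
    $ts = Get-WmiObject -Namespace 'root\cimv2\TerminalServices' -Class Win32_TSGeneralSetting `
          -Filter "TerminalName='RDP-Tcp'" -ErrorAction SilentlyContinue
    if ($ts) { [void]$ts.SetUserAuthenticationRequired(1) }
    else     { Set-ItemProperty -Path $rdpKey -Name UserAuthentication -Value 1 }

    # Block inbound TCP 3389 on the host firewall as defence in depth behind the
    # perimeter block the article recommends. netsh is used because
    # New-NetFirewallRule does not exist on Windows 7 / Server 2008 R2.
    netsh advfirewall firewall add rule name=Block-RDP-3389-BlueKeep `
        dir=in action=block protocol=TCP localport=3389 | Out-Null
    Write-Output 'NLA enforced and inbound TCP 3389 blocked on the host firewall.'
}
```

Run it without `-Enforce` first across the fleet to see which hosts still answer RDP without NLA; the host firewall rule will also cut off legitimate remote administration over RDP, so apply it only where the article's guidance to disable RDP is acceptable.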

The flaw poses grave risks, including for industrial environments, and the risk of exploitation has increased following the development of proof-of-concept (PoC) exploits reported by several researchers and cyber-security firms.

Shortly after Microsoft released its patches, Siemens informed customers that an assessment of the impact of CVE-2019-0708 on its Healthineers products had begun. The company has published six security advisories explaining how the flaw affects its products and the measures customers need to take to mitigate the risk.

For the affected Healthineers software products, the company has told users to install the patches from Microsoft. Siemens has indicated that "the exploitability of the vulnerability depends on the specific configuration and deployment environment for each product". The affected software products include MagicLinkA, MagicView, Medicalis, Navigator Screening, Syngo and Teamplay.

For its advanced products, the ACOM system, Sensis and VM SIS Virtual Server, the company recommends that RDP be disabled, TCP port 3389 blocked, and the further workarounds and mitigations proposed by Microsoft implemented.

Users of Siemens Healthineers' Lantis radiation oncology products have been advised to disable RDP or block port 3389.

Siemens says that the majority of its laboratory diagnostics products are not affected. For those that are, namely Atellica, Aptio, StreamLab, CentraLink, syngo, Viva, BCS XP, BN ProSpec and CS, the company has promised to release patches and to provide information on improving system security.

The BlueKeep vulnerability also affects the Axiom, Mobilett, Multix and Vertix X-ray and mobile products, for which Siemens has recommended that customers contact their regional support center.

Finally, Siemens has informed AUWi and Rapid Point users that no immediate action is needed and that patches should be available in June. In the meantime, the same mitigations and workarounds can be used to prevent potential attacks.
