"DHS CISA Warns of Critical Issues in Medtronic Medical Equipment"

The U.S. DHS Cybersecurity & Infrastructure Security Agency (CISA) published an advisory warning of three recently patched vulnerabilities in Medtronic Valleylab FT10 and FX8 devices. According to the advisory, exploitation of these vulnerabilities could allow attackers to perform malicious activities such as overwriting files and remotely executing code. The first vulnerability derives from the use of hardcoded credentials. The second is associated with the use of a vulnerable version of the rssh utility, which the devices use to ease the process of uploading files. The third stems from the use of the DESCRYPT algorithm for OS password hashing. Medtronic recommends that these devices be connected to the hospital network only when needed until the new software update is complete. This article continues to discuss the critical security flaws affecting Medtronic Valleylab products, what the exploitation of these flaws could allow attackers to do, and recommendations to minimize the risk of the abuse of these flaws.

Security Affairs reports "DHS CISA Warns of Critical Issues in Medtronic Medical Equipment"
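To check systems you administer for the third issue class, DES-based OS password hashing, the following added example (not taken from the advisory or from Medtronic) scans shadow-format text and reports accounts whose hash is traditional or BSDi-extended DES crypt. The usernames and hash strings in the sample are constructed placeholders.

```python
import re

# Traditional DES crypt: 2 salt chars + 11 hash chars, no "$" prefix.
# Only the first 8 password characters are used, so it is weak by design.
DESCRYPT_RE = re.compile(r"[./0-9A-Za-z]{13}")
# BSDi extended DES: "_" + 4-char round count + 4-char salt + 11 hash chars.
BSDI_RE = re.compile(r"_[./0-9A-Za-z]{19}")
# Modular crypt format identifiers: "$<id>$..."
MODULAR = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
           "2a": "bcrypt", "2b": "bcrypt", "2y": "bcrypt", "y": "yescrypt"}
DES_BASED = {"descrypt", "bsdi-descrypt"}

def classify(field):
    """Return the hashing scheme name for one shadow password field."""
    if field == "":
        return "empty"
    h = field.lstrip("!")            # leading "!" marks a locked password
    if h == "" or h.startswith("*"):
        return "locked"
    if h.startswith("$"):
        parts = h.split("$")
        return MODULAR.get(parts[1], "unknown") if len(parts) > 2 else "unknown"
    if DESCRYPT_RE.fullmatch(h):
        return "descrypt"
    if BSDI_RE.fullmatch(h):
        return "bsdi-descrypt"
    return "unknown"

def audit(shadow_text):
    """Return [(user, scheme)] for every account using a DES-based hash."""
    findings = []
    for line in shadow_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 2 or line.lstrip().startswith("#"):
            continue
        scheme = classify(fields[1])
        if scheme in DES_BASED:
            findings.append((fields[0], scheme))
    return findings

# Constructed sample in /etc/shadow format (not real accounts or hashes).
SAMPLE = """\
root:zzCONSTRUCTED:18000:0:99999:7:::
service:$6$saltsalt$CONSTRUCTEDHASHVALUE:18000:0:99999:7:::
daemon:*:18000:0:99999:7:::
upload:!zzCONSTRUCTED:18000:0:99999:7:::
"""

if __name__ == "__main__":
    for user, scheme in audit(SAMPLE):
        print(f"{user}: {scheme} hash, rehash with a modern scheme")
```

A locked entry that still carries a DES hash (the `upload` line) is reported as well, because the hash remains in the file and becomes usable again if the account is unlocked.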

Submitted by Anonymous on