"Medical, IoT Devices From Many Manufacturers Affected by 'Access:7' Vulnerabilities"
Research conducted by employees at CyberMDX, a medical device cybersecurity company recently acquired by Forescout, found that many Internet of Things (IoT) and medical devices are impacted by vulnerabilities in PTC’s Axeda agent. The Axeda agent is a solution used for remote access and management of over 150 connected device models from more than 100 manufacturers. CyberMDX conducted its investigation after detecting potential security issues associated with the Axeda agent component on customer systems. The analysis resulted in the discovery of a set of seven supply chain vulnerabilities called Access:7. Threat actors could exploit these vulnerabilities for remote code execution, Denial-of-Service (DoS) attacks, and obtaining information. Most of the vendors impacted by Access:7 vulnerabilities are in the healthcare sector. Other affected vendors are in IoT, financial services, and manufacturing. The vulnerabilities could allow a malicious actor to gain initial access to a network, steal potentially sensitive data, or disrupt affected devices. Although the Axeda platform has reached End of Life (EOL), the vendor has released patches for manufacturers to provide to their customers. This article continues to discuss the discovery, potential exploitaiton, and impact of the Access:7 vulnerabilities.