[MART] - Daily Diary #317 - PwnedPiper Vulnerabilities Affecting Major Hospitals in North America

CTAS-MAT ctas-mat at appgate.com
Mon Aug 2 22:31:57 UTC 2021

I hope everyone is doing well!

Below is the entry for today.

08/02/2021 - Diary entry #317

This week a new set of vulnerabilities has been disclosed. Named PwnedPiper, the set contains 9 vulnerabilities affecting the Translogic Pneumatic Tube System (PTS) by Swisslog Healthcare. This system is installed in about 80% of all major hospitals in North America and is used in hospital settings to securely transport blood samples to diagnostic laboratories.

Among the vulnerabilities are privilege escalation, memory corruption, remote code execution, and denial of service (DoS). When exploited, these vulnerabilities allow an attacker to take full control of the PTS, infect other systems in the PTS network, exfiltrate sensitive information, and even halt system operation entirely. A skilled attacker can also use the vulnerabilities to gain persistence on a PTS station through an insecure firmware upgrade issue, making it harder to completely remove malware after a successful infection.

Attacking healthcare is considered a huge ethical violation even among cybercriminals, but the sector has always been a very profitable target for ransomware. With the need for fast recovery, the tremendous impact of a disruption, and the risk of having patient data leaked, healthcare institutions are very prone to paying the ransom. Even during the COVID-19 pandemic, we have seen many attacks targeting healthcare institutions. Most recently, we covered in our Daily Diary #292 when Sodinokibi attacked the Brazilian company "Grupo Fleury".

Vulnerabilities like these can be used by sophisticated human-driven ransomware to increase the damage it causes. Therefore, we highly recommend that institutions keep Swisslog software up to date and adopt a Zero Trust architecture, isolating this kind of sensitive system from other networks to mitigate the risk of a ransomware infection spreading.

Kind Regards,



Felipe Duarte Domingues
Security Researcher

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
