https://urgentcomm.com/wp-content/themes/ucm_child/assets/images/logo/footer-new-logo.png
  • Home
  • News
  • Multimedia
    • Back
    • Multimedia
    • Video
    • Podcasts
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2022 Winter Showcase
    • IWCE 2023 Pre-event Guide
  • Commentary
    • Back
    • Commentary
    • Urgent Matters
    • View From The Top
    • All Things IWCE
    • Legal Matters
  • Resources
    • Back
    • Resources
    • Webinars
    • White Papers
    • Reprints & Reuse
  • IWCE
    • Back
    • IWCE
    • Conference
    • Special Events
    • Exhibitor Listings
    • Premier Partners
    • Floor Plan
    • Exhibiting Information
    • Register for IWCE
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Terms of Service
    • Privacy Statement
    • Cookie Policy
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • Mission Critical Technologies
    • TU-Auto
  • In the field
    • Back
    • In the field
    • Broadband Push-to-X
    • Internet of Things
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Call Center/Command
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Network Tech
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Operations
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Regulations
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • Organizations
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
Urgent Communications
  • NEWSLETTER
  • Home
  • News
  • Multimedia
    • Back
    • Video
    • Podcasts
    • Omdia Crit Comms Circle Podcast
    • Galleries
    • IWCE’s Video Showcase
    • IWCE 2023 Pre-event Guide
    • IWCE 2022 Winter Showcase
  • Commentary
    • Back
    • All Things IWCE
    • Urgent Matters
    • View From The Top
    • Legal Matters
  • Resources
    • Back
    • Webinars
    • White Papers
    • Reprints & Reuse
    • UC eZines
    • Sponsored content
  • IWCE
    • Back
    • Conference
    • Why Attend
    • Exhibitor Listing
    • Floor Plan
    • Exhibiting Information
    • Join the Event Mailing List
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Terms of Service
    • Privacy Statement
  • Related Sites
    • Back
    • American City & County
    • IWCE
    • Light Reading
    • IOT World Today
    • TU-Auto
  • newsletter
  • In the field
    • Back
    • Internet of Things
    • Broadband Push-to-X
    • Project 25
    • Public-Safety Broadband/FirstNet
    • Virtual/Augmented Reality
    • Land Mobile Radio
    • Long Term Evolution (LTE)
    • Applications
    • Drones/Robots
    • IoT/Smart X
    • Software
    • Subscriber Devices
    • Video
  • Call Center/Command
    • Back
    • Artificial Intelligence
    • NG911
    • Alerting Systems
    • Analytics
    • Dispatch/Call-taking
    • Incident Command/Situational Awareness
    • Tracking, Monitoring & Control
  • Network Tech
    • Back
    • Cybersecurity
    • Interoperability
    • LMR 100
    • LMR 200
    • Backhaul
    • Deployables
    • Power
    • Tower & Site
    • Wireless Networks
    • Coverage/Interference
    • Security
    • System Design
    • System Installation
    • System Operation
    • Test & Measurement
  • Operations
    • Back
    • Critical Infrastructure
    • Enterprise
    • Federal Government/Military
    • Public Safety
    • State & Local Government
    • Training
  • Regulations
    • Back
    • Narrowbanding
    • T-Band
    • Rebanding
    • TV White Spaces
    • None
    • Funding
    • Policy
    • Regional Coordination
    • Standards
  • Organizations
    • Back
    • AASHTO
    • APCO
    • DHS
    • DMR Association
    • ETA
    • EWA
    • FCC
    • IWCE
    • NASEMSO
    • NATE
    • NXDN Forum
    • NENA
    • NIST/PSCR
    • NPSTC
    • NTIA/FirstNet
    • P25 TIG
    • TETRA + CCA
    • UTC
acc.com

IoT/Smart X


Partner content

Medical and IoT devices from more than 100 vendors vulnerable to attack

Medical and IoT devices from more than 100 vendors vulnerable to attack

  • Written by Jai Vijayan / Dark Reading
  • 10th March 2022

More than 150 Internet of Things (IoT) devices — including many that are used in the healthcare sector — from over 100 companies are at heightened risk of attack from a set of seven vulnerabilities in a third-party remote access component in the devices.

Three of the bugs are rated as critical because they enable attackers to remotely execute malicious code on vulnerable devices to take full control of them. The remaining vulnerabilities have moderate to high severity ratings and give attackers a way to steal data or to execute denial-of-service attacks.

The vulnerabilities are present in multiple versions of PTC Axeda agent and PTC Desktop Server — technologies that many IoT vendors incorporate in their devices to enable remote access and management. Researchers from Forescout’s Vedere Labs and CyberMDX who discovered the vulnerabilities are tracking them collectively as “Access:7.”

In a report summarizing their findings this week, the researchers described the buggy component as especially prevalent in Internet-connected devices used in the healthcare sector, such as medical imaging, lab, radiotherapy, and surgical technologies. Forescout said an anonymized scan of its customer networks uncovered some 2,000 unique devices with vulnerable versions of Axeda on them. Of that, 55% were deployed in healthcare organizations, 24% in organizations developing IoT products, 8% in IT, 5% in financial services environments, 4% in manufacturing, and 4% across other verticals.

Among the affected devices — besides healthcare-related technologies — are ATMs, SCADA systems, vending machines, cash management systems, IoT gateways, and asset monitoring technologies. All versions of the Axeda technology below 6.9.3 are affected and PTC has released patches for all the vulnerabilities, Forescout said.

Daniel dos Santos, head of security research at Forescout, says the vulnerabilities are proof that remote management tools present a danger not just in the IT world — as shown by attacks like the one on Kaseya last year — but also for IoT and Internet-connected medical technologies.

“So, it’s important that organizations have an inventory of devices that are being remotely managed and understand how they are managed,” he says. “Organizations should first identify the vulnerable devices in the network, then make sure they are not exposed to these vulnerabilities by segmenting their networks and limiting traffic on the vulnerable ports.” They should then patch the devices, when possible, dos Santos says.

The set of seven vulnerabilities that Forescout and CyberMDX discovered include those stemming from the use of hard-coded credentials, missing authentication, improper limitation of a pathname, and improper check or handling of exceptions.

To read the complete article, visit Dark Reading.

 

 

Tags: Analytics Alerting Systems Applications Companies Critical Infrastructure Cybersecurity DHS Drones/Robots Enterprise Federal Government/Military Incident Command/Situational Awareness Internet of Things Internet of Things Interoperability IoT/Smart X News Policy Public Safety Security Software State & Local Government Subscriber Devices System Design System Operation Test & Measurement Tracking, Monitoring & Control Partner content

Most Recent


  • FCC approves new processes, spectrum to support space-based communications
    FCC commissioners today passed new rules that are designed to enable more satellite and other space-based endeavors by streamlining the application processes associated with such initiatives and by establishing a more predictable spectrum regime for launches. Commissioners indicated that these two items were passed in an effort to ensure that FCC rules and processes do […]
  • FBI, CISA issue joint warning on 'Snatch' ransomware-as-a-service
    Cybersecurity advisories from the FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) are usually a good indication that a particular threat merits priority attention from organizations in the crosshairs. That would appear to be the case with “Snatch,” a ransomware-as-a-service (RaaS) operation that has been active since at least 2018 and is the […]
  • Huawei hacked by U.S., according to China spy agency
    It’s back to 2019 on Huawei, with the US and China exchanging barbs and the Chinese firm accused of skirting US export rules. China foreign affairs spokesperson Mao Ning Wednesday assailed the US for “overstretching” the concept of national security in order to discriminate against Chinese companies. She rejected a complaint by Commerce Secretary Gina Raimondo over […]
  • Driverless-car crashes less frequent, cause less damage, according to insurance research
    Waymo is using insurance data to demonstrate that its self-driving taxis are safer than human-driven vehicles. The company, owned by Google parent Alphabet, has published research led by insurer Swiss Re that it says shows how driverless vehicles crash less frequently and do less damage than those piloted by humans. The study comes at a pivotal moment […]

Leave a comment Cancel reply

To leave a comment login with your Urgent Comms account:

Log in with your Urgent Comms account

Or alternatively provide your name, email address below:

Your email address will not be published. Required fields are marked *

Related Content

  • Cyber insurance and business risk: How the relationship is changing reinsurance and policy guidance
  • Hexagon, VIDIZMO partner to streamline digital evidence management
  • AT&T says FirstNet unit grew 60% to a $1.7 billion business in 2021
  • Absolving user of blame in driverless cars could accelerate adoption

Commentary


Better technology can help solve the public-safety staffing crisis

26th June 2023

Updated: How ‘sidelink’ peer-to-peer communications can enhance public-safety operations

  • 1
27th February 2023

NG911 needed to secure our communities and nation

24th February 2023
view all

Events


UC Ezines


IWCE 2019 Wrap Up

13th May 2019
view all

Twitter


Newsletter

Sign up for UrgentComm’s newsletters to receive regular news and information updates about Communications and Technology.

Expert Commentary

Learn from experts about the latest technology in automation, machine-learning, big data and cybersecurity.

Business Media

Find the latest videos and media from the market leaders.

Media Kit and Advertising

Want to reach our digital and print audiences? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • American City & County
  • IWCE
  • Light Reading
  • IOT World Today
  • Mission Critical Technologies
  • TU-Auto

WORKING WITH US

  • About Us
  • Contact Us
  • Events
  • Careers

FOLLOW Urgent Comms ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.