CISA flags ICS bugs in Baxter, Mitsubishi products
This week the US Cybersecurity and Infrastructure Security Agency (CISA) warned about two new industrial control systems (ICS) vulnerabilities in products widely used in healthcare and critical manufacturing, sectors that are frequent targets of cybercrime.
The vulnerabilities affect Baxter’s Connex Health Portal and Mitsubishi Electric’s MELSEC line of programmable controllers. Both vendors have issued updates, and both recommend additional mitigations that customers of the respective products can apply to further reduce risk.
Baxter Connex Vulnerabilities
CISA’s advisory contained information on two vulnerabilities in Baxter’s Connex Health Portal (formerly Hillrom and Welch Allyn) that it described as remotely exploitable and involving low attack complexity. One of the vulnerabilities, assigned CVE-2024-6795, is a maximum-severity (CVSS score of 10.0) SQL injection issue that an unauthenticated attacker can leverage to run arbitrary SQL queries on affected systems. CISA described the flaw as giving attackers the ability to access, modify, and delete sensitive data and to take other admin-level actions, including shutting down the database.
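To illustrate the class of defect CISA is describing, the following added example (not Baxter’s code, and not taken from the advisory) shows a lookup that builds SQL by string formatting next to the same lookup written with a bound parameter, plus an allowlist check on the identifier format. The patient table, the MRN format and the function names are constructed for this demonstration; it runs against an in-memory SQLite database.

```python
import re
import sqlite3

# Constructed in-memory table standing in for a patient-records store.
# The schema and rows are illustrative only, not Baxter's data model.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE patients (id INTEGER PRIMARY KEY, mrn TEXT, name TEXT, clinician TEXT)"
    )
    conn.executemany(
        "INSERT INTO patients (mrn, name, clinician) VALUES (?, ?, ?)",
        [
            ("MRN-0001", "Patient A", "Dr. One"),
            ("MRN-0002", "Patient B", "Dr. Two"),
            ("MRN-0003", "Patient C", "Dr. One"),
        ],
    )
    return conn


def lookup_vulnerable(conn, mrn):
    # Untrusted input is spliced into the SQL text, so the input can change
    # the query's structure rather than only its data. This is the defect
    # pattern, kept here only to contrast with the safe version below.
    query = f"SELECT mrn, name FROM patients WHERE mrn = '{mrn}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, mrn):
    # A bound parameter keeps the query structure fixed; the driver passes
    # the value separately, so it can only ever be compared as a string.
    query = "SELECT mrn, name FROM patients WHERE mrn = ?"
    return conn.execute(query, (mrn,)).fetchall()


MRN_PATTERN = re.compile(r"^MRN-\d{4}$")  # assumed identifier format


def is_valid_mrn(mrn):
    # Defence in depth: reject anything that is not a well-formed record
    # number before it reaches the database layer at all.
    return MRN_PATTERN.fullmatch(mrn) is not None


def lookup_hardened(conn, mrn):
    # Validation plus parameterisation: malformed input is refused outright,
    # and well-formed input is never interpreted as SQL.
    if not is_valid_mrn(mrn):
        raise ValueError("malformed record number")
    return lookup_safe(conn, mrn)


if __name__ == "__main__":
    db = make_db()
    probe = "MRN-0001' OR 'a'='a"  # constructed input that alters the WHERE clause
    print("vulnerable:", lookup_vulnerable(db, probe))  # every row comes back
    print("parameterised:", lookup_safe(db, probe))     # no row has that literal MRN
    try:
        lookup_hardened(db, probe)
    except ValueError as exc:
        print("hardened:", exc)
```

The contrast is the point: the same input returns the whole table through the formatted query and nothing through the parameterised one, which is exactly the difference between an unauthenticated read of all patient data and a failed lookup. The format check is an extra layer, not a substitute for parameterisation.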
The other vulnerability in Baxter’s Connex Health Portal, tracked as CVE-2024-6796, involves improper access control and has a CVSS severity rating of 8.2 out of 10. The flaw gives attackers a way to potentially access sensitive patient and clinician information and to modify or delete some of that data. As with CVE-2024-6795, the improper access control vulnerability in Baxter Connex Health Portal is remotely exploitable, involves low attack complexity, and does not require the threat actor to hold any special privileges.
Baxter has fixed the issues, but CISA has recommended that affected organizations also minimize network exposure for all control system devices and ensure they are not accessible from the Internet. CISA also wants organizations to place firewalls in front of control system networks and to use secure remote access methods such as VPNs where remote access is a requirement.
To read the complete article, visit Dark Reading.