Security News > 2019 > July > Vulnerable GE anesthesia machines can be manipulated by attackers
A vulnerability affecting several anesthesia and respiratory devices manufactured by General Electric (GE) Healthcare could allow attackers to manipulate the devices’ settings and silence alarms, CyberMDX researchers have found. About the vulnerability (CVE-2019-10966) CVE-2019-10966 affects versions 7100 and 7900 of the GE Aestive and GE Aespire machines, primarily used in the U.S. The vulnerability is exploitable only if they are connected to a hospital network though their serial communication port and via terminal server, and … More → The post Vulnerable GE anesthesia machines can be manipulated by attackers appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/onLwypcLuPQ/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-07-10 | CVE-2019-10966 | Improper Authentication vulnerability in GE products In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms. | 5.3 |