PwnedPiper PTS Security Flaws Threaten 80% of Hospitals in the U.S. (Security News, August 2021)
The security weaknesses, disclosed by American cybersecurity firm Armis, impact the Translogic PTS system by Swisslog Healthcare, which is installed in about 80% of all major hospitals in North America and in no fewer than 3,000 hospitals worldwide.
"These vulnerabilities can enable an unauthenticated attacker to take over Translogic PTS stations and essentially gain complete control over the PTS network of a target hospital," Armis researchers Ben Seri and Barak Hadad said.
Pneumatic tube systems are internal logistics and transport solutions that are used to securely transport blood, tissue, and lab samples in hospital settings to diagnostic laboratories.
Successful exploitation of the issues could result in leakage of sensitive information, enable an adversary to manipulate data, and even compromise the PTS network to carry out a man-in-the-middle attack and deploy ransomware, thereby effectively halting the operations of the hospital.
In a nutshell, the flaws, which concern privilege escalation, memory corruption, and denial of service, could be abused to gain root access and to achieve remote code execution or denial of service. Worse, an insecure firmware upgrade procedure could permit an attacker to maintain persistence on compromised PTS stations, leading to unauthenticated remote code execution.
Translogic PTS customers are strongly advised to update to the latest firmware to mitigate any potential risk that may arise from real-world exploitation of these shortcomings.