Security News > 2022 > March > Critical "Access:7" Supply Chain Vulnerabilities Impact ATMs, Medical and IoT Devices
As many as seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices.
Collectively called "Access:7," the weaknesses - three of which are rated Critical in severity - potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk.
PTC's Axeda solution includes a cloud platform that allows device manufacturers to establish connectivity to remotely monitor, manage and service a wide range of connected machines, sensors, and devices via what's called the agent, which is installed by the OEMs before the devices are sold to customers.
"Access:7 could enable hackers to remotely execute malicious code, access sensitive data, or alter configuration on medical and IoT devices running PTC's Axeda remote code and management agent," researchers from Forescout and CyberMDX said in a joint report published today.
Besides medical imaging and laboratory machines, vulnerable devices include everything from ATMs, vending machines, cash management systems, and label printers to barcode scanning systems, SCADA systems, asset monitoring and tracking solutions, IoT gateways, and industrial cutters.
Successful exploitation of the flaws could equip attackers with capabilities to remotely execute malicious code to take full control of devices, access sensitive data, modify configurations, and shut down specific services in the impacted devices.
News URL
https://thehackernews.com/2022/03/critical-access7-supply-chain.html
Related news
- Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847) (source)
- Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk (source)
- Israel’s Pager Attacks and Supply Chain Vulnerabilities (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)