Spacelabs Xhibit Telemetry Receiver and GE Healthcare Ultrasound Products Vulnerabilities Reported

Share this article on:

A critical vulnerability has been identified in the Xhibit Telemetry Receiver and GE Healthcare has issued an advisory about a flaw in its ultrasound products.

Xhibit Telemetry Receiver Vulnerable to Critical BlueKeep Windows Vulnerability

The Xhibit Telemetry Receiver (XTR), Model number 96280, v1.0.2 and all versions of the now unsupported Xhibit Arkon (99999) are vulnerable to the critical BlueKeep Remote code execution vulnerability.

The vulnerability – CVE-2019-0708 – affects the Remote Desktop Protocol feature of the underlying Microsoft Windows operating system. The flaw can be exploited by sending specially crafted packets to Windows operating systems that have RDP enabled. The vulnerability is pre-authentication and no user interaction is required to exploit the flaw. The BlueKeep vulnerability is also worm-able. Malware could be developed to exploit the vulnerability allowing propagation to other vulnerable systems, as was the case with the WannaCry ransomware attacks in 2017.

Successful exploitation would allow a remote attacker to add accounts with full user rights, view, change, or delete data, install programs, and execute arbitrary code on vulnerable systems. The BlueKeep vulnerability is present in Windows 2000, Windows 7, Windows Vista, Windows XP, and Windows Server 2003, 2003 R2, 2008, and 2008 R2.

Microsoft discovered the vulnerability and SpaceLabs reported the flaw to CISA. The flaw has been assigned a CVSS V3 base score of 9.8 out of 10.

All deployed XTR hardware appliances can be updated and should be running the latest software release, v1.2.1 or later. However, the unsupported Arkon products are not designed to be updated and cannot be patched. For these products, SpaceLabs recommends blocking TCP Port 3389 at the enterprise perimeter firewall. TCP Port 3389 is required to initiate RDP sessions. Blocking the port will prevent exploitation but will also block legitimate RDP sessions. This mitigation will not prevent exploitation of the flaw from inside the network so physical controls must also be implemented to restrict access to the products to authorized personnel.

Warning Issued About Vulnerability Affecting GE Healthcare Ultrasound Products

A vulnerability has been identified in certain GE Healthcare ultrasound products which could allow an attacker to escape protections and access the underlying operating system.

The vulnerability is tracked as CVE-2020-6977 and has been assigned a CVSS V3 base score of 6.8 out of 10.

The following GE Healthcare products are affected by the vulnerability:

  • Vivid products, all versions
  • LOGIQ, all versions, not including LOGIQ 100 Pro
  • Voluson, all versions
  • Versana Essential, all versions
  • Invenia ABUS Scan station, all versions
  • Venue, all versions, not including Venue 40 R1-3 and Venue 50 R4-5

The flaw cannot be exploited remotely, but an individual with physical access to the affected products could exploit the vulnerability to escape Kiosk Mode.

To protect against exploitation, physical access to vulnerable devices should be restricted and, if possible, the “system lock” password should be enabled in the Administration GUI menu. With system lock enabled, a password must be entered to access the system.

The vulnerability was identified by Marc Ruef and Rocco Gagliardi of scip AG, with further information provided by Michael Aguilar of Secureworks and Jonathan Bouman of Protozoan.nl.

Author: HIPAA Journal

Share This Post On