
Siemens Healthineers impacted by BlueKeep vulnerability

What is the issue?

Several medical products made by Siemens Healthineers are impacted by a recently patched Windows vulnerability dubbed ‘BlueKeep’.

More details on the vulnerability

The vulnerability, tracked as CVE-2019-0708, affects Windows Remote Desktop Services (RDS) and allows attackers to perform remote code execution and hijack an entire network. Microsoft fixed the vulnerability in its May 2019 Patch Tuesday updates.

What is the impact on Siemens products?

Siemens has published six security advisories describing the impact of the vulnerability on its products and the steps to be taken to mitigate the risks.

  • The impacted software products include MagicLinkA, MagicView, Medicalis, Screening Navigator, syngo, and teamplay.
  • The impacted advanced therapy products include System ACOM, Sensis and VM SIS Virtual Server.
  • The impacted radiology and mobile X-ray products include Axiom, Mobilett, Multix, and Vertix.
  • The impacted laboratory diagnostics products include Atellica, Aptio, StreamLab, CentraLink, syngo, Viva, BCS XP, BN ProSpec, and CS.

Mitigations

  • The company has asked its customers to install the patches from Microsoft.
  • For impacted advanced therapy products, the company has recommended disabling RDP, blocking TCP port 3389, and implementing other mitigations suggested by Microsoft.
  • Users of Siemens Healthineers’ Lantis radiation oncology products are requested to disable RDP or close port 3389.
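
To confirm from the network side that disabling RDP or blocking TCP port 3389 took effect, the following added example (not part of the original article and not code from Siemens or Microsoft) probes the port on a constructed inventory and separates a reachable listener from a refused or silently dropped connection. The function names and host addresses are assumptions made for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

RDP_PORT = 3389  # TCP port named in the mitigation guidance above


def check_port(host, port=RDP_PORT, timeout=2.0):
    """Classify one TCP port as seen from the machine running this check."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: a listener is reachable
    except ConnectionRefusedError:
        return "closed"           # RST: host answers, nothing listening (e.g. RDP disabled)
    except (socket.timeout, TimeoutError):
        return "filtered"         # silence: consistent with a firewall dropping the SYN
    except OSError:
        return "unreachable"      # no route, name resolution failure, and similar


def audit(targets, timeout=2.0, workers=16):
    """Probe (host, port) pairs concurrently; return {(host, port): state}."""
    targets = list(targets)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda t: check_port(t[0], t[1], timeout), targets)
        return dict(zip(targets, states))


def still_exposed(report):
    """Targets where the port still accepts connections and needs follow-up."""
    return sorted(t for t, state in report.items() if state == "open")


if __name__ == "__main__":
    # Constructed inventory: addresses from the TEST-NET-1 documentation range.
    inventory = [("192.0.2.10", RDP_PORT), ("192.0.2.11", RDP_PORT)]
    report = audit(inventory, timeout=1.0)
    for (host, port), state in sorted(report.items()):
        print(f"{host}:{port} {state}")
    print("still exposed:", still_exposed(report))
```

The result reflects only the network path from the machine running the check, so run it from each segment that should no longer reach the devices. A "closed" or "filtered" result shows the port is not reachable; it does not show that the Microsoft patch is installed.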