Vulnerabilities Found in Carestream Vue RIS, PeerVue Web Server and Siemens Healthcare Products

Five advisories have been issued by the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in the past week regarding vulnerabilities of particular relevance to U.S. healthcare providers.

Change Healthcare PeerVue Web Server
The vulnerability (CVE-2018-10624) identified in the Change Healthcare PeerVue Web Server can be exploited by an attacker to gain access to information from the web server that could be used to launch a cyberattack. Only a low level of skill is required for an attacker on an adjacent network to exploit the vulnerability. The vulnerability reveals data by means of an error message. Security researcher Dan Regalado of Zingbox discovered this vulnerability, which was given a CVSS v3 base rating of 4.3.

Change Healthcare addressed the flaw promptly and has issued a patch. Users of PeerVue Web Server 7.6.2 or earlier versions need to get in touch with Change Healthcare for complete details about how to apply the patch.

Carestream Vue RIS
A vulnerability (CVE-2018-17891) has been identified in the Carestream Vue RIS web-based radiology system. An attacker could exploit the vulnerability remotely to gain access to the network and passively read traffic. According to Carestream, the vulnerability impacts version 11.2 of RIS Client Builds and previous versions, if they are being run on Windows 8.1 with IIS/7.5.

By exploiting the vulnerability, an attacker could access information via an HTTP 500 error message, which is generated when communicating with a Carestream server while the Oracle TNS listener is not available. The exposed data could be employed in a further, more serious attack. Dan Regalado of Zingbox also identified this vulnerability, which was given a CVSS v3 base rating of 3.7. Carestream fixed the vulnerability in the current software version (v11.3). If users cannot upgrade right away, it is recommended that they disable “Show debug messages” and enable SSL for client/server communications.

Siemens SCALANCE W1750D
Siemens found a vulnerability (CVE-2018-13099) in SCALANCE W1750D WLAN version 8.3.0.1 and previous versions. An attacker could exploit the access point vulnerability to decrypt TLS traffic. ICS-CERT noted that public exploits are already available for this vulnerability. An attacker could exploit the vulnerability with network access to vulnerable equipment.

This vulnerability has been given a CVSS v3 base score of 5.9. Siemens has already issued a firmware upgrade to correct the flaw. All users should upgrade to v8.3.0.1 without delay. Until the upgrade is installed, administrators should limit access to the affected devices’ web interface. Devices should also be operated in a protected IT environment.

Siemens ROX II
Siemens also found two improper privilege management vulnerabilities (CVE-2018-13801 and CVE-2018-13802) that affect ROX II v2.12.1 and prior versions. An attacker with a low level of skill could remotely exploit the vulnerabilities.

According to Siemens, an attacker who has access to Port 22/TCP using a valid low-privileged user account could exploit the vulnerability (CVE-2018-13801), raise privileges and gain root-level access. The vulnerability was given a CVSS v3 base rating of 8.8.

The vulnerability (CVE-2018-13802) could be exploited by an authenticated person with a high-privilege user account through the SSH interface on Port 22/TCP to bypass restrictions and run arbitrary code and operating system commands. The vulnerability has been given a CVSS v3 base score of 7.2.

Siemens has already fixed both vulnerabilities in v2.12.1 of its software. Users are advised to install the upgrade without delay. Until the upgrade is completed, users should restrict network access to Port 22/TCP.

Siemens SIMATIC S7-1200 CPU Family Version
A remotely exploitable vulnerability (CVE-2018-13800) was discovered in all versions preceding 4.2.3 of SIMATIC S7-1200 CPU Family Version 4. This is a cross-site request forgery vulnerability, which can be exploited if a legitimate user who is authenticated to the web platform is tricked into clicking a malicious URL. Exploitation of the vulnerability would allow an attacker to read or change certain parts of the device settings.

Lisa Fournet and Marl Joos of P3 communications GmbH discovered the vulnerability, which was given a CVSS v3 base rating of 7.5. Siemens already resolved the vulnerability by releasing a new version of firmware. All users need to upgrade to v4.2.3 promptly. Users have been advised not to visit other websites while authenticated against the PLC until the firmware upgrade has been applied.