One Article Review

The article:
Source Cyble
Identifier 8648345
Publication date 2025-02-13 11:15:54 (seen: 2025-02-13 12:08:26)
Title Cyble Warns of Exposed Medical Imaging, Asset Management Systems (Recycled)
Text Cyble Warns of Exposed Medical Imaging, Asset Management Systems

Overview

Cyble's weekly industrial control system (ICS) vulnerability report to clients warned about internet-facing medical imaging and critical infrastructure asset management systems that could be vulnerable to cyberattacks. The report examined six ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities in total, but it focused on two in particular after Cyble detected web-exposed instances of the systems.

Orthanc, Trimble Cityworks Vulnerabilities Highlighted by CISA

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued advisories alerting users to vulnerabilities in medical imaging and asset management products. Orthanc is an open-source DICOM server used in healthcare environments for medical imaging storage and retrieval, while Trimble Cityworks is a GIS-centric asset management system used to manage all infrastructure assets for airports, utilities, municipalities, and counties.

In a February 6 ICS medical advisory, CISA said the Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled, which could result in unauthorized access by a malicious actor. The Missing Authentication for Critical Function vulnerability, CVE-2025-0896, has been assigned a CVSS v3.1 base score of 9.8, just below the maximum score of 10.0. Orthanc recommends that users update to the latest version or enable HTTP authentication by setting "AuthenticationEnabled": true in the configuration file.

Cyble provided a publicly accessible search query for its ODIN vulnerability search tool, which users can use to find potentially vulnerable instances. “This flaw requires urgent attention, as Cyble researchers have identified multiple internet-facing Orthanc instances, increasing the risk of exploitation,” the Cyble report said.

“The exposure of vulnerable instances could allow unauthorized access to sensitive medical data, manipulation of imaging records, or even unauthorized control over the server. Given the high stakes in healthcare cybersecurity, immediate patching to version 1.5.8 or later, along with restricting external access, is strongly recommended to mitigate potential threats.”
Rating ★★★
Sent Yes
Tags Tool Vulnerability Threat Patching Industrial Medical


Reposts of the article (1):
Source Cyble
Identifier 8647860
Publication date 2025-02-10 13:34:05 (seen: 2025-02-10 14:08:13)
Title Cyble Warns of Patient Monitor Risk in ICS Vulnerability Report
Text Cyble Warns of Patient Monitor Risk in ICS Vulnerability Report

Cyble's weekly industrial control system (ICS) vulnerability report to clients included a warning about a severe vulnerability in a patient monitor that could potentially compromise patient safety. In all, the report covered 36 ICS, operational technology (OT) and Supervisory Control and Data Acquisition (SCADA) vulnerabilities, 31 of which affect critical manufacturing and energy systems. Ten of the 36 vulnerabilities were rated “critical” and 17 carried high-risk ratings.

Patient Monitor Vulnerability Carries a 9.8 Risk Rating

The patient monitor vulnerability, CVE-2024-12248, was one of three flaws in Contec Health CMS8000 Patient Monitors that were addressed in a January 30 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). CISA said the vulnerabilities were reported to the agency anonymously. The Food and Drug Administration (FDA) also issued an alert about the vulnerabilities the same day.

The FDA said the flaws “may put patients at risk after being connected to the internet,” but added that the agency “is not aware of any cybersecurity incidents, injuries, or deaths related to these cybersecurity vulnerabilities at this time.” The FDA advisory contained recommendations for patients and caregivers for mitigating the risk that included the following advice: “If your health c
Rating ★★
Sent Yes
Tags Tool Vulnerability Patching Industrial Medical


The article resembles 1 other article(s):
Src Cyble
Date (GMT) 2025-02-20 10:10:49
Title (Already seen) CISA Vulnerability Advisories Reveal Complexity of ICS Products
Description Cyble CISA Vulnerability Advisories Reveal Complexity of ICS Products

Overview

Cyble's weekly industrial control system (ICS) vulnerability report to clients examined 122 ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities pulled from 22 recent advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The 122 vulnerabilities affect products from seven vendors across nine critical sectors, ranging from energy and healthcare to wastewater systems, transportation, manufacturing, food and agriculture, chemicals, and commercial facilities. Nine of the vulnerabilities are rated critical. One interesting aspect of the advisories is how many of the ICS vulnerabilities come from third-party components that weren't made by the ICS vendor, revealing the complexity and vulnerability of these critical systems.

Four Critical Siemens Vulnerabilities

Siemens had the highest number of vulnerabilities in the CISA advisories, 100 in all, but only four were rated critical, and all of the critical vulnerabilities came from non-Siemens components. Two of the critical vulnerabilities affect Siemens Opcenter Intelligence, a manufacturing intelligence platform used to improve manufacturing processes, and stem from vulnerabilities in the Java OpenWire protocol marshaller (CVE-2023-46604, a 9.6-severity Deserialization of Untrusted Data vulnerability) and the Tableau Server Administration Agent's internal file transfer service (CVE-2022-22128, a 9.0-rated Path Traversal vulnerability). Opcenter Intelligence versions prior to V2501 are affected.

CISA addressed those vulnerabilities in a February 13 advisory, noting that “Successful exploitation of these vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to
Tags Tool Vulnerability Patching Industrial Medical Commercial
Rating ★★★