How Supply Chain Vulnerabilities Can Allow Unwelcomed Access to Medical and IoT Devices
Forescout’s Vedere Labs and CyberMDX discovered seven supply chain vulnerabilities, including three that are rated critical by CISA, that affect PTC’s Axeda agent. The vulnerabilities impact medical and IoT devices that present an immediate risk to healthcare organizations, as well as the financial services and manufacturing sector.
Device Manufacturers Affected
The Impact of Access:7
The Axeda solution enables device manufacturers to remotely access and manage connected devices. Access:7 could enable hackers to remotely execute malicious code, access sensitive data or alter configuration on medical and IoT devices running PTC’s Axeda remote code and management agent.
Over 150 device models from more than 100 device manufacturers are potentially affected by Access:7. Over half of the affected device vendors belong to the healthcare industry (55%), followed by almost a quarter (24%) that develop IoT solutions. The vulnerabilities were found most often in medical imaging (36%) and laboratory (31%) machines.
This disclosure illustrates the problems with supply chain components that Forescout identified in Project Memoria, but this time in a remote management solution.
Dive into the Research
Learn what happens when vulnerabilities in remote access and management agents designed to expedite service on medical and IoT devices are exploited by hackers. This report discloses vulnerabilities in PTC’s Axeda agent, the main findings, common attack scenarios, impact on healthcare and other industries, and mitigation recommendations for device manufacturers and network operators.
Risk Mitigation Strategies
Complete protection against Access:7 requires patching devices running the vulnerable versions of the Axeda components. PTC has released its official patches and device manufacturers using this software should provide their own updates to customers. More details for device manufacturers and network operators are available in our technical report.
Access:7 Supply Chain Vulnerabilities: What to Know and How to Mitigate the Risk
Hear from the researchers to understand:
- What makes supply chain components so vulnerable and how to increase your awareness
- How Access:7 impacts the healthcare industry as well as financial services and manufacturing organizations
- Immediate actions device manufacturers and network administrators should take to mitigate your risk