How Supply Chain Vulnerabilities Can Allow Unwelcomed Access to Medical and IoT Devices
Forescout’s Vedere Labs and CyberMDX discovered seven supply chain vulnerabilities, including three that are rated critical by CISA, that affect PTC’s Axeda agent. The vulnerabilities affect medical and IoT devices and present an immediate risk to healthcare organizations, as well as to the financial services and manufacturing sectors.
The Impact of Access:7
The Axeda solution enables device manufacturers to remotely access and manage connected devices. Access:7 could enable hackers to remotely execute malicious code, access sensitive data or alter configuration on medical and IoT devices running PTC’s Axeda remote code and management agent.
Over 150 device models from more than 100 device manufacturers are potentially affected by Access:7. Over half of the affected device vendors belong to the healthcare industry (55%), followed by almost a quarter (24%) that develop IoT solutions. The vulnerabilities were found most often in medical imaging (36%) and laboratory (31%) machines.
This disclosure illustrates the problems with supply chain components that Forescout identified in Project Memoria, but this time in a remote management solution.
Dive into the Research
Learn what happens when vulnerabilities in remote access and management agents designed to expedite service on medical and IoT devices are exploited by hackers. This report discloses vulnerabilities in PTC’s Axeda agent, the main findings, common attack scenarios, impact on healthcare and other industries, and mitigation recommendations for device manufacturers and network operators.
Risk Mitigation Strategies
Complete protection against Access:7 requires patching devices running the vulnerable versions of the Axeda components. PTC has released its official patches, and device manufacturers using this software should provide their own updates to customers. More details for device manufacturers and network operators are available in our technical report.
How Forescout Can Help
With the recent acquisition of CyberMDX, Forescout healthcare customers can use CyberMDX’s solution to identify vulnerable medical and IoT devices. The solution automatically detects the medical assets within your network and organizes them in an accessible inventory listing. Assets affected by Access:7 will appear in the Vulnerabilities Cyber Risks screen. Using the CyberMDX Control Center, customers can also track the number of affected devices and follow the progress of remediation.
The Forescout platform also protects against Access:7 vulnerabilities as follows:
eyeSight uses the Security Policy Templates (SPTs) module to identify and group vulnerable and potentially vulnerable devices. A new version of the SPT package, which can identify devices vulnerable to Access:7, can be downloaded here.
eyeInspect uses a new Access:7 Monitor script to identify vulnerable devices and detect exploitation attempts against them.
Access:7 Supply Chain Vulnerabilities: What to Know and How to Mitigate the Risk
Hear from the researchers to understand:
- What makes supply chain components so vulnerable and how to increase your awareness
- How Access:7 impacts the healthcare industry as well as financial services and manufacturing organizations
- Immediate actions device manufacturers and network administrators should take to mitigate your risk