The Pyxis SupplyStation from CareFusion is an automated pharmaceutical drug cabinet system that's still widely used despite being end-of-lifed by its manufacturer. A new report from CERT discloses that independent researchers Billy Rios and Mike Ahmadi have found over 1,400 critical remote-attack vulnerabilities in it.
Many of the vulnerabilities need very little skill to exploit and the researchers say they believe they're already being exploited in the wild, with exploits being publicly available.
The cabinets are based on Microsoft's discontinued Windows XP/Server 2000 products. CareFusion will not issue patches for the old systems, but they have provided some advice to help customers mitigate the risk from these bugs (things like using VPNs, having a firewall, etc.).
Exploitation of these vulnerabilities may allow a remote attacker to compromise the Pyxis SupplyStation system. The SupplyStation system is designed to maintain critical functionality and provide access to supplies in “fail-safe mode” in the event that the cabinet is rendered inoperable. Manual keys can be used to access the cabinet if it is rendered inoperable.
Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage.
CareFusion Pyxis SupplyStation System Vulnerabilities [CERT]
1,400+ vulnerabilities found in automated medical supply system [Zeljka Zorz/Help Net Security]