The Pyxis SupplyStation from CareFusion is an automated pharmaceutical drug cabinet system that's still widely used despite being end-of-lifed by its manufacturer. A new report from CERT discloses that independent researchers Billy Rios and Mike Ahmadi have found over 1,400 critical remote-attack vulnerabilities in it.
Many of the vulnerabilities need very little skill to exploit and the researchers say they believe they're already being exploited in the wild, with exploits being publicly available.
The cabinets are based on Microsoft's discontinued Windows XP/Server 2000 products. CareFusion will not issue patches for the old systems, but it has provided some advice to help customers mitigate the risk from these bugs (things like using VPNs, having a firewall, etc.).
Exploitation of these vulnerabilities may allow a remote attacker to compromise the Pyxis SupplyStation system. The SupplyStation system is designed to maintain critical functionality and provide access to supplies in “fail-safe mode” in the event that the cabinet is rendered inoperable. Manual keys can be used to access the cabinet if it is rendered inoperable.
Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage.
CareFusion Pyxis SupplyStation System Vulnerabilities [CERT]
1,400+ vulnerabilities found in automated medical supply system [Zeljka Zorz/Helpnet Security]