The Pyxis SupplyStation from CareFusion is an automated pharmaceutical drug cabinet system that's still widely used despite being end-of-lifed by its manufacturer. A new report from CERT discloses that independent researchers Billy Rios and Mike Ahmadi have found over 1,400 critical remote-attack vulnerabilities.
Many of the vulnerabilities need very little skill to exploit and the researchers say they believe they're already being exploited in the wild, with exploits being publicly available.
The cabinets are based on Microsoft's discontinued Windows XP/Server 2000 products. CareFusion will not issue patches for the old systems, but they have provided some advice to help customers mitigate the risk from these bugs (things like using VPNs, having a firewall, etc).
Exploitation of these vulnerabilities may allow a remote attacker to compromise the Pyxis SupplyStation system. The SupplyStation system is designed to maintain critical functionality and provide access to supplies in “fail-safe mode” in the event that the cabinet is rendered inoperable. Manual keys can be used to access the cabinet if it is rendered inoperable.
Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage.
CareFusion Pyxis SupplyStation System Vulnerabilities [CERT]
1,400+ vulnerabilities found in automated medical supply system [Zeljka Zorz/Helpnet Security]