The Pyxis SupplyStation from CareFusion is an automated pharmaceutical drug cabinet system that's still widely used despite being end-of-lifed by its manufacturer -- a new report from CERT discloses that independent researchers Billy Rios and Mike Ahmadi have found over 1,400 critical remote-attack vulnerabilities in it.
Many of the vulnerabilities need very little skill to exploit, and the researchers say they believe the bugs are already being exploited in the wild, with exploits publicly available.
The cabinets are based on Microsoft's discontinued Windows XP/Server 2000 products. CareFusion will not issue patches for the old systems, but it has provided some advice to help customers mitigate the risk from these bugs (things like using VPNs, having a firewall, etc.).
Exploitation of these vulnerabilities may allow a remote attacker to compromise the Pyxis SupplyStation system. The SupplyStation system is designed to maintain critical functionality and provide access to supplies in “fail-safe mode” in the event that the cabinet is rendered inoperable. Manual keys can be used to access the cabinet if it is rendered inoperable.
Impact to individual organizations depends on many factors that are unique to each organization. NCCIC/ICS-CERT recommends that organizations evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage.
CareFusion Pyxis SupplyStation System Vulnerabilities [CERT]
1,400+ vulnerabilities found in automated medical supply system [Zeljka Zorz/Helpnet Security]