ICSMA-18-240-01_Qualcomm Life Capsule

Act Now9.8ICS-CERT ICSMA-18-240-01Aug 28, 2018

Attack VectorNetwork

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

Qualcomm Life Capsule DTS (Data Transfer Station) devices contain a vulnerability in the embedded Allegro RomPager web server (versions 4.01–4.34) that allows unauthenticated remote code execution. The vulnerability is a CWE-668 weakness. A firmware update is available only for the Single Board DTS variant; users with Dual Board, Digi Connect ES converted to DTS, and Digi Connect ES versions cannot receive a patch and must disable the web server to mitigate risk.

What this means

What could happen

An attacker on the network could remotely execute code on the DTS device through the embedded web server without authentication, potentially allowing them to modify patient data, alter device configurations, or disrupt remote monitoring capabilities.

Who's at risk

Healthcare organizations using Capsule Technologies DTS (Data Transfer Station) devices for patient monitoring and remote support should be concerned. Single Board DTS versions are patchable, but Dual Board versions and Digi Connect ES devices cannot be fully remediated and require web server disablement as a compensating control.

How it could be exploited

An attacker sends a crafted request to the Allegro RomPager web server listening on the DTS device. The web server processes the request without requiring authentication and allows arbitrary code execution. No user interaction or special configuration is required.

Prerequisites

Network access to the DTS device on the port where the Allegro RomPager web server is listening (typically HTTP/HTTPS)
Device running vulnerable Allegro RomPager version 4.01 through 4.34

Remotely exploitableNo authentication requiredLow complexity attackHigh EPSS score (85.8%)Affects medical devices used for patient data and monitoringNo patch available for three of four DTS variants

Exploitability

High exploit probability (EPSS 85.8%)

Affected products (1)

ProductAffected VersionsFix Status

Allegro RomPager embedded web server:≥ 4.01 | ≤ 4.34No fix yet

Remediation & Mitigation

0/4

Do now

0/1

WORKAROUNDFor Dual Board DTS, Digi Connect ES converted to DTS, and Digi Connect ES versions: Disable the embedded Allegro RomPager web server, as it is only needed during initial deployment

Schedule — requires maintenance window

0/1

Patching may require device reboot — plan for process interruption

HOTFIXFor Single Board DTS versions only: Download and apply the firmware update from https://customers.capsuletech.com following standard patching procedures

Long-term hardening

0/2

HARDENINGIsolate all DTS devices from the Internet and position them behind a firewall with access restricted to only authorized administrators

HARDENINGSegment DTS devices onto a separate network from business systems and limit administrative access to secure methods such as VPN

CVEs (1)

CVE-2014-9222

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/a41cd02a-087a-43ff-a201-8173b452dd08