BD Alaris Gateway Workstation
Act Now (10) · ICS-CERT ICSMA-19-164-01 · Jun 13, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary
BD Alaris Gateway Workstation contains two critical vulnerabilities: a web browser user interface vulnerability and a dangerous file upload vulnerability that could allow unauthorized arbitrary code execution. An attacker could view and edit device status and configuration details as well as cause devices to become unavailable. The vendor states the affected products are not sold in the United States.
What this means
What could happen
An attacker could execute arbitrary code on the Alaris Gateway Workstation, potentially gaining control to alter infusion pump settings, modify medication administration parameters, or disconnect devices from monitoring and network access.
Who's at risk
Healthcare facilities using BD Alaris Gateway Workstation infusion pump management systems should assess their use of these products. The advisory notes these products are not sold in the United States, but organizations that obtained them through other channels or have legacy deployments remain at risk. Affected products include Alaris GS, Alaris GH, Alaris CC, and Alaris TIVA software versions 2.3.6 and below, as well as multiple legacy versions of the Alaris Gateway Workstation.
How it could be exploited
An attacker with network access to the Alaris Gateway Workstation could exploit the web browser user interface vulnerability or upload a malicious file via the dangerous file upload vulnerability to execute arbitrary code on the device.
Prerequisites
- Network access to the Alaris Gateway Workstation web interface
- No authentication required for exploitation
- Remotely exploitable
- No authentication required
- Low complexity
- No patch available
- Affects medical devices and patient safety systems
- Critical severity (CVSS 10)
Exploitability
Moderate exploit probability (EPSS 1.1%)
Affected products (11)
11 EOL
Product | Affected Versions | Fix Status
Alaris Gateway Workstation Alaris GS: software | 2.3.6 and below | No fix (EOL)
Alaris Gateway Workstation Alaris GH: software | 2.3.6 and below | No fix (EOL)
Alaris Gateway Workstation Alaris CC: software | 2.3.6 and below | No fix (EOL)
Alaris Gateway Workstation: 1.3.1 Build 13 | 1.3.1 Build 13 | No fix (EOL)
Alaris Gateway Workstation: 1.1.3 MR Build 11 | 1.1.3 MR Build 11 | No fix (EOL)
Alaris Gateway Workstation Alaris TIVA: software | 2.3.6 and below | No fix (EOL)
Alaris Gateway Workstation: 1.0.13 | 1.0.13 | No fix (EOL)
Alaris Gateway Workstation: 1.1.3 Build 10 | 1.1.3 Build 10 | No fix (EOL)
Remediation & Mitigation
Do now
- HARDENING: Restrict network access to the Alaris Gateway Workstation by implementing firewall rules to limit connections to authorized clinical staff and systems only
- HARDENING: Restrict the SMB protocol on the Alaris Gateway Workstation network segment to prevent lateral movement and file upload exploitation
- HARDENING: Monitor the Alaris Gateway Workstation for unauthorized configuration changes, device disconnections, or suspicious file uploads
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Alaris Gateway Workstation Alaris GS: software, Alaris Gateway Workstation Alaris GH: software, Alaris Gateway Workstation Alaris CC: software, Alaris Gateway Workstation: 1.3.1 Build 13, Alaris Gateway Workstation: 1.1.3 MR Build 11, Alaris Gateway Workstation Alaris TIVA: software, Alaris Gateway Workstation: 1.0.13, Alaris Gateway Workstation: 1.1.3 Build 10, Alaris Gateway Workstation: 1.1.6, Alaris Gateway Workstation: 1.1.5, Alaris Gateway Workstation: 1.3.0 Build 14. Apply the following compensating controls:
- HARDENING: Implement network segmentation to isolate Alaris Gateway Workstation devices from general hospital networks and untrusted systems
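An added example, not from the advisory or the vendor: a small Python checker that turns the three hardening controls above (allow-listed access to the web interface, no SMB on the AGW segment, review of file uploads) into detection logic run over constructed connection-log lines. The segment address, authorized client addresses, log format and paths are all assumptions for illustration.

```python
import ipaddress
import re
from typing import Dict, List

# Assumed (hypothetical) site values: the isolated AGW segment and the only
# clinical hosts permitted to reach the AGW web interface.
AGW_SEGMENT = ipaddress.ip_network("10.20.30.0/24")
AUTHORIZED_CLIENTS = {ipaddress.ip_address("10.20.10.5"),
                      ipaddress.ip_address("10.20.10.6")}
WEB_PORTS = {80, 443}
SMB_PORTS = {139, 445}

# Constructed log format (not the AGW's own):
#   <ts> <src>:<sport> -> <dst>:<dport> <proto> [<method> <path> [<content-type>]]
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\S+)"
    r"(?: (?P<method>[A-Z]+) (?P<path>\S+)(?: (?P<ctype>\S+))?)?$")

def classify(line: str) -> List[str]:
    """Return findings for one log line; an empty list means nothing to review."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    src = ipaddress.ip_address(m["src"])
    dst, dport = ipaddress.ip_address(m["dst"]), int(m["dport"])
    if dst not in AGW_SEGMENT:
        return []  # traffic not aimed at the AGW segment is out of scope here
    findings = []
    if dport in SMB_PORTS:  # SMB should be blocked on this segment entirely
        findings.append("smb-to-agw-segment")
    if dport in WEB_PORTS and src not in AUTHORIZED_CLIENTS:
        findings.append("web-ui-from-unauthorized-host")
    if m["method"] == "POST" and (m["ctype"] or "").startswith("multipart/form-data"):
        findings.append("file-upload-to-agw")  # any upload to the web UI gets reviewed
    return findings

def scan(lines: List[str]) -> Dict[int, List[str]]:
    """Map line index -> findings for every line that produced at least one."""
    return {i: f for i, f in ((i, classify(l)) for i, l in enumerate(lines)) if f}

# Constructed sample traffic for the AGW segment.
SAMPLE_LOG = [
    "2019-06-13T10:00:01Z 10.20.10.5:51000 -> 10.20.30.7:443 TCP GET /status text/html",
    "2019-06-13T10:00:02Z 10.20.40.9:52000 -> 10.20.30.7:443 TCP POST /upload multipart/form-data",
    "2019-06-13T10:00:03Z 10.20.40.9:52001 -> 10.20.30.7:445 TCP",
    "2019-06-13T10:00:04Z 10.20.10.5:51001 -> 10.20.30.7:443 TCP POST /config application/x-www-form-urlencoded",
    "2019-06-13T10:00:05Z 10.20.10.5:51002 -> 10.20.50.1:445 TCP",
]
```

Calling scan(SAMPLE_LOG) flags only the unauthorized upload (lines 1) and the SMB connection into the segment (line 2); traffic from authorized hosts and traffic bound elsewhere produce no findings.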
CVEs (2)