OTPulse

GE Aestiva and Aespire Anesthesia (Update A)

Score: 5.3
Source: ICS-CERT ICSMA-19-190-01
Published: Jul 9, 2019
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: None needed
Summary

GE Healthcare anesthesia devices (Aespire, Aestiva, Carestation, Aisys series) expose their serial port interfaces when connected to TCP/IP networks through insecure terminal servers. This configuration allows attackers to remotely send commands and modify device parameters without authentication. The vulnerability stems from terminal server implementations that extend serial port connectivity to the network without security controls like encryption, VPN, or user authentication.

What this means
What could happen
An attacker could remotely modify anesthesia device parameters such as gas flow rates, oxygen concentrations, or sedation levels, potentially compromising patient safety and the integrity of surgical procedures.
Who's at risk
Healthcare facilities (hospitals, surgical centers, ICUs) using GE anesthesia delivery systems—specifically Aespire, Aestiva, Carestation, and Aisys series—that connect these devices to hospital networks via terminal servers. This affects clinical care delivery and patient safety in any facility with modern GE anesthesia equipment.
How it could be exploited
An attacker on the hospital network identifies a GE anesthesia device whose serial port is exposed to the TCP/IP network through a terminal server. The attacker connects to the terminal server's port, sends commands to the anesthesia device without authentication, and modifies critical operational parameters such as drug delivery rates or ventilation settings.
Prerequisites
  • Network access to the terminal server port exposing the anesthesia device serial connection
  • Terminal server must be improperly configured (not using encryption or authentication)
  • The anesthesia device must be connected to a TCP/IP network via a terminal server
Tags: remotely exploitable · no authentication required · affects safety systems · no patch available · low complexity
Exploitability
Low exploit probability (EPSS 0.3%)
Affected products (4), all end of life (EOL)

Product | Affected Versions | Fix Status
GE Aisys | CS2, Avance, Amingo, Avance CS2 | No fix (EOL)
GE Aespire | 7100, 7900, 100, Protiva Carestation View | No fix (EOL)
GE Aestiva | 7100, 7900 MRI | No fix (EOL)
GE Carestation | 620, 650, 650c | No fix (EOL)
Remediation & Mitigation
Do now
  • WORKAROUND: Disable or restrict terminal server access to anesthesia devices if not absolutely required for clinical operations
  • HARDENING: Audit all existing terminal server configurations connecting to GE anesthesia devices and document justification for each connection
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

  • HOTFIX: Replace existing terminal servers with secure terminal servers that provide strong encryption, VPN, user authentication, network controls, logging, and audit capability
  • HARDENING: Enable logging and audit trails on all terminal servers to detect unauthorized access attempts
Mitigations - no patch available
The following products have reached End of Life with no planned fix: GE Aisys (CS2, Avance, Amingo, Avance CS2), GE Aespire (7100, 7900, 100, Protiva Carestation View), GE Aestiva (7100, 7900 MRI), GE Carestation (620, 650, 650c). Apply the following compensating controls:
  • HARDENING: Implement network segmentation and VLANs to isolate anesthesia devices from general hospital networks
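The two compensating controls above (terminal server logging and VLAN isolation) only pay off if someone actually reviews the logs. The script below is an added example, not OTPulse's or GE's code, showing one way to turn terminal server access logs into findings: it flags any session to the serial-bridge port that originates outside the isolated anesthesia VLAN, and repeated authentication failures against that port. The log format, the bridge port number (4001), the VLAN subnet (10.50.7.0/24) and the sample log lines are all constructed placeholders; a real terminal server's log layout will differ and the regex must be adapted to it.

```python
"""Audit terminal server access logs for anesthesia-device serial bridges.

Added example for ICSMA-19-190-01 style deployments. Assumed (not from the
advisory): the terminal server logs one line per event in the constructed form

    <ISO timestamp> <client_ip>:<client_port> -> <server_port> <EVENT>

with EVENT in {CONNECT, DISCONNECT, AUTH_FAIL}.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Placeholder: subnet(s) of the isolated VLAN that is allowed to reach the devices.
ALLOWED_CLIENT_SUBNETS = [ipaddress.ip_network("10.50.7.0/24")]
# Placeholder: TCP port on which the terminal server bridges the device serial port.
SERIAL_BRIDGE_PORT = 4001

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>[\d.]+):(?P<cport>\d+) -> (?P<sport>\d+) (?P<event>\w+)$"
)


@dataclass
class Finding:
    ts: str
    client_ip: str
    reason: str


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one constructed log line; return None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def client_allowed(ip: str) -> bool:
    """True if the client address lies inside an allowed (segmented) subnet."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_CLIENT_SUBNETS)


def audit(lines: List[str], max_auth_failures: int = 3) -> List[Finding]:
    """Return findings for sessions that violate the segmentation/auth expectations."""
    findings: List[Finding] = []
    failures: Dict[str, int] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or int(rec["sport"]) != SERIAL_BRIDGE_PORT:
            continue  # malformed line, or traffic to some other service on the box
        if rec["event"] == "CONNECT" and not client_allowed(rec["ip"]):
            findings.append(Finding(rec["ts"], rec["ip"],
                                    "serial-bridge session from outside the anesthesia VLAN"))
        elif rec["event"] == "AUTH_FAIL":
            failures[rec["ip"]] = failures.get(rec["ip"], 0) + 1
            if failures[rec["ip"]] == max_auth_failures:  # report once per client
                findings.append(Finding(rec["ts"], rec["ip"],
                                        f"{max_auth_failures} failed authentications to serial bridge"))
    return findings


# Constructed sample log: one allowed session, one session from the general
# hospital network, one unrelated SSH connection, three failed logins, one junk line.
SAMPLE_LOG = [
    "2019-07-09T10:00:01Z 10.50.7.20:51000 -> 4001 CONNECT",
    "2019-07-09T10:00:05Z 10.50.7.20:51000 -> 4001 DISCONNECT",
    "2019-07-09T10:02:11Z 10.20.1.15:40210 -> 4001 CONNECT",
    "2019-07-09T10:02:12Z 10.20.1.15:40210 -> 4001 DISCONNECT",
    "2019-07-09T10:03:00Z 10.20.1.15:40211 -> 22 CONNECT",
    "2019-07-09T10:04:00Z 10.20.1.16:40300 -> 4001 AUTH_FAIL",
    "2019-07-09T10:04:01Z 10.20.1.16:40300 -> 4001 AUTH_FAIL",
    "2019-07-09T10:04:02Z 10.20.1.16:40300 -> 4001 AUTH_FAIL",
    "malformed line",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.ts} {f.client_ip}: {f.reason}")
```

Run against the constructed sample it reports two findings: the 10.20.1.15 session from outside the VLAN and the three failed logins from 10.20.1.16. Connections to other ports on the terminal server (port 22 here) are deliberately ignored so that the check stays focused on the device bridge; in a real deployment feed it the exported logs of every terminal server inventoried under the audit step above.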