Capsule Technologies SmartLinx Neuron 2 (Update A)

Plan Patch7.6ICS-CERT ICSMA-20-196-01Jul 14, 2020

Attack VectorPhysical

Auth RequiredNone

ComplexityLow

User InteractionNone needed

Summary

SmartLinx Neuron 2 firmware versions 9.0.3 and earlier contain a vulnerability that allows an attacker with physical access to gain full control of the device. The Neuron 2 is a medical device platform commonly used in hospitals to aggregate and interface with patient monitoring and clinical systems. Successful exploitation would compromise the device's trustworthiness on the hospital network, potentially allowing interception or manipulation of patient data and medical device communications. This vulnerability is not exploitable remotely and requires direct physical access, typically via USB or local peripheral interfaces. Capsule Technologies has released a fix in firmware version 9.0.4 and above.

What this means

What could happen

An attacker with physical access to a SmartLinx Neuron 2 device could gain full control of a critical medical device on a hospital network, potentially allowing them to intercept, modify, or disrupt patient data and medical device communications.

Who's at risk

Hospital medical device teams managing SmartLinx Neuron 2 patient data aggregators or medical device interfaces. This affects any organization using the Neuron 2 as a trusted device on a healthcare network to collect, aggregate, or route patient or medical device data.

How it could be exploited

An attacker must physically connect to the Neuron 2 device, likely via USB port or local interface, to exploit this vulnerability and gain elevated privileges. Once compromised, the device becomes a trusted node on the hospital network, allowing the attacker to pivot to other systems or intercept medical data flows.

Prerequisites

Physical access to the SmartLinx Neuron 2 device
Access to USB port or local peripheral interface
Device must be powered on and connected to the network

Requires physical access (low remote risk)No authentication required for physical exploitationAffects healthcare/medical systemsLow complexity attackFirmware version 9.0.3 and earlier vulnerable

Exploitability

Low exploit probability (EPSS 0.1%)

Affected products (1)

ProductAffected VersionsFix Status

SmartLinx Neuron 2: Firmware≤ 9.0.39.0.4 and above

Remediation & Mitigation

0/6

Do now

0/3

HARDENINGRestrict physical access to Neuron 2 devices; keep them in secure, access-controlled areas

HARDENINGEnsure devices remain outside the organization's security perimeter (isolated network segment or air-gapped)

HARDENINGPhysically disable, obstruct, or monitor USB ports on Neuron 2 devices to prevent unauthorized peripheral connections

Schedule — requires maintenance window

0/3

Patching may require device reboot — plan for process interruption

HOTFIXUpdate SmartLinx Neuron 2 firmware to version 9.0.4 or later via the Capsule SmartLinx application server

HARDENINGConfigure internal systems to not implicitly trust data communications from Neuron 2 devices; implement validation and segmentation

HARDENINGMonitor device logs for signs of unauthorized peripheral connections

CVEs (1)

CVE-2019-5024

View full CISA ICS-CERT advisory

↑↓ Navigate · Esc Close

API: /api/v1/advisories/896f4170-34db-4fb3-9048-9d8777b4f532