OTPulse

Hamilton-T1

Monitor
CVSS: 4.3
Advisory: ICS-CERT ICSMA-21-047-01
Published: Feb 16, 2021
Attack Vector: Physical
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary

The Hamilton T1 Ventilator contains hardcoded credentials and memory exposure vulnerabilities that allow an attacker with physical access to crash the device or read sensitive information from its memory. The vulnerabilities cannot be exploited remotely. These issues affect firmware versions 2.2.3 and earlier.

What this means
What could happen
An attacker with physical access to the ventilator could crash the device or read sensitive information from its memory, potentially interrupting patient ventilation support.
Who's at risk
Healthcare organizations operating Hamilton Medical T1 ventilators should care about this issue. Ventilators are critical life-support equipment used in hospitals, respiratory therapy units, and patient transport. Any interruption or unauthorized modification could directly impact patient safety.
How it could be exploited
An attacker must have physical access to the Hamilton T1 ventilator device. They can then exploit a hardcoded credential or memory exposure vulnerability to either crash the device or extract sensitive data from it without needing to authenticate over a network.
Prerequisites
  • Physical access to the T1 ventilator device
  • Device running firmware version 2.2.3 or earlier
Tags:
  • physical access required
  • default or hardcoded credentials (CWE-798)
  • memory/information exposure (CWE-200)
  • affects safety-critical medical device
  • no patch available for older firmware
Exploitability
Low exploit probability (EPSS 0.1%)
Affected products (1)
Product         Affected Versions   Fix Status
T1 Ventilator   ≤ 2.2.3             No fix yet
Remediation & Mitigation
Do now
HARDENING: Maintain strict physical security and access controls around ventilator devices; limit access to authorized clinical and maintenance personnel only
HARDENING: Monitor device notifications, alarms, and alerts for signs of tampering or unexpected crashes
WORKAROUND: Do not connect unauthorized third-party devices or use unauthorized software with ventilators
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Update T1 Ventilator firmware to a version later than 2.2.3 if available from your equipment supplier