Thursday, April 18, 2024

PwnedPiper- 9 Severe Bugs in Critical Infrastructure Threats 80% of All Major Hospitals in U.S.

The TransLogic Pneumatic Tubing System (PTS) is used in thousands of hospitals all over the world, and these pipes connect various departments in comprehensive hospitals. 

According to the report, this TransLogic system is installed in more than 3,000 hospitals in the US. And all these pipes work effectively as it enables the movement of delicate medical materials that generally enables the nurses to implement patient carefreely.

However, the security company Armis pronounced that they have detected 9 vulnerabilities in the PTS control software-Nexus control panel. 

This problem, collectively known as PwnedPiper, and these vulnerabilities allow illegal threat actors to take over the TransLogic pneumatic tube system.

How PwnedPiper Could Be Used?

After investigating the vulnerabilities, the researchers affirmed that it could enable complicated and worrisome ransomware outbreaks, and not only this it also permit the threat actors, to leak delicate hospital data.

The threat actors are targeting the Translogic PTS system as it is one of the advanced systems that consolidate with other hospital systems, and it allows the data that is being shared between these systems to be leaked or manipulated by an attacker.

PwndPiper Vulnerabilities

The analysts have given a full list of the Pwndpiper vulnerabilities and here they are mentioned below:-

  • CVE-2021-37161 – Underflow in udpRXThread
  • CVE-2021-37162 – Overflow in sccProcessMsg
  • CVE-2021-37163 – Two hardcoded passwords accessible through the Telnet server
  • CVE-2021-37164 – Off-by-three stack overflow in tcpTxThread
  • CVE-2021-37165 – Overflow in hmiProcessMsg
  • CVE-2021-37166 – GUI socket Denial Of Service
  • CVE-2021-37167 – User script run by root can be used for PE
  • CVE-2021-37160 – Unauthenticated, unencrypted, unsigned firmware upgrade


As we said above that this attack is quite dangerous, and the PTS system connects comprehensive hospitals, that’s why it is quite necessary to patch these vulnerabilities. 

The security analyst of Armis has suggested some mitigation that is to be followed by the hospital accordingly, here they are mentioned below:-

  • They have recommended hospital bodies to initially, stop the use of Telnet (port 23) on the Translogic PTS stations (the Telnet service is not required in production).
  • Expand the access control lists (ACLs), in which Translogic PTS elements (stations, blowerd, diverters, etc.) were being allotted to interact with the Translogic central server (SCC).
  • Apart from this, the analyst has stated that they must use the following Snort IDS rule to recognize the exploitation efforts of CVE-2021-37161, CVE-2021-37162, and CVE-2021-37165:-
  • alert udp any any -> any 12345 (msg:”PROTOCOL-OTHER Pwned piper exploitation attempt, Too small and malformed Translogic packet”; dsize:<21; content:”TLPU”; depth:4; content:”|00 00 00 01|”; distance:4; within:4; reference:cve,2021-37161; reference:url,; sid:9800002; rev:1;)
  • Use the following Snort IDS rule to detect exploitation attempts of CVE-2021-37164:-
  • alert udp any any -> any 12345 (msg:”PROTOCOL-OTHER Pwned piper exploitation attempt, Too large and malformed Translogic packet”;dsize:>350; content:”TLPU”; depth:4; reference:cve,2021-37164; reference:url,; sid:9800001;)

Moreover, the researchers of Armies asserted that they will continue their investigation, and will try their best to find all the key details of the vulnerabilities. 

Since this attack is quite dangerous as it hampers all the delicate files and data of the hospital, therefore it is very important to follow the mitigation accordingly to bypass such vulnerability attacks in the future.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.


Latest articles

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall Vulnerability (CVE-2024-3400)

In the wake of the recent disclosure of a critical vulnerability (CVE-2024-3400) affecting a...

Cerber Linux Ransomware Exploits Atlassian Servers to Take Full Control

Security researchers at Cado Security Labs have uncovered a new variant of the Cerber...

FGVulDet – New Vulnerability Detector to Analyze Source Code

Detecting source code vulnerabilities aims to protect software systems from attacks by identifying inherent...

North Korean Hackers Abuse DMARC To Legitimize Their Emails

DMARC is targeted by hackers as this serves to act as a preventative measure...

L00KUPRU Ransomware Attackers discovered in the wild

A new variant of the Xorist ransomware, dubbed L00KUPRU, has been discovered in the...

Oracle Releases Biggest Security Update in 2024 – 372 Vulnerabilities Are Fixed – Update Now!

Oracle has released its April 2024 Critical Patch Update (CPU), addressing 372 security vulnerabilities...

Outlook Login Panel Themed Phishing Attack Evaded All Antivirus Detections

Cybersecurity researchers have uncovered a new phishing attack that has bypassed all antivirus detections.The...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.


Mastering WAAP/WAF ROI Analysis

As the importance of compliance and safeguarding critical websites and APIs grows, Web Application and API Protection (WAAP) solutions play an integral role.
Key takeaways include:

  • Pricing models
  • Cost Estimation
  • ROI Calculation

Related Articles