Friday, March 29, 2024

PwnedPiper- 9 Severe Bugs in Critical Infrastructure Threats 80% of All Major Hospitals in U.S.

The TransLogic Pneumatic Tubing System (PTS) is used in thousands of hospitals all over the world, and these pipes connect various departments in comprehensive hospitals. 

According to the report, this TransLogic system is installed in more than 3,000 hospitals in the US. And all these pipes work effectively as it enables the movement of delicate medical materials that generally enables the nurses to implement patient carefreely.

However, the security company Armis pronounced that they have detected 9 vulnerabilities in the PTS control software-Nexus control panel. 

This problem, collectively known as PwnedPiper, and these vulnerabilities allow illegal threat actors to take over the TransLogic pneumatic tube system.

How PwnedPiper Could Be Used?

After investigating the vulnerabilities, the researchers affirmed that it could enable complicated and worrisome ransomware outbreaks, and not only this it also permit the threat actors, to leak delicate hospital data.

The threat actors are targeting the Translogic PTS system as it is one of the advanced systems that consolidate with other hospital systems, and it allows the data that is being shared between these systems to be leaked or manipulated by an attacker.

PwndPiper Vulnerabilities

The analysts have given a full list of the Pwndpiper vulnerabilities and here they are mentioned below:-

  • CVE-2021-37161 – Underflow in udpRXThread
  • CVE-2021-37162 – Overflow in sccProcessMsg
  • CVE-2021-37163 – Two hardcoded passwords accessible through the Telnet server
  • CVE-2021-37164 – Off-by-three stack overflow in tcpTxThread
  • CVE-2021-37165 – Overflow in hmiProcessMsg
  • CVE-2021-37166 – GUI socket Denial Of Service
  • CVE-2021-37167 – User script run by root can be used for PE
  • CVE-2021-37160 – Unauthenticated, unencrypted, unsigned firmware upgrade

Mitigations

As we said above that this attack is quite dangerous, and the PTS system connects comprehensive hospitals, that’s why it is quite necessary to patch these vulnerabilities. 

The security analyst of Armis has suggested some mitigation that is to be followed by the hospital accordingly, here they are mentioned below:-

  • They have recommended hospital bodies to initially, stop the use of Telnet (port 23) on the Translogic PTS stations (the Telnet service is not required in production).
  • Expand the access control lists (ACLs), in which Translogic PTS elements (stations, blowerd, diverters, etc.) were being allotted to interact with the Translogic central server (SCC).
  • Apart from this, the analyst has stated that they must use the following Snort IDS rule to recognize the exploitation efforts of CVE-2021-37161, CVE-2021-37162, and CVE-2021-37165:-
  • alert udp any any -> any 12345 (msg:”PROTOCOL-OTHER Pwned piper exploitation attempt, Too small and malformed Translogic packet”; dsize:<21; content:”TLPU”; depth:4; content:”|00 00 00 01|”; distance:4; within:4; reference:cve,2021-37161; reference:url,https://www.armis.com/pwnedPiper; sid:9800002; rev:1;)
  • Use the following Snort IDS rule to detect exploitation attempts of CVE-2021-37164:-
  • alert udp any any -> any 12345 (msg:”PROTOCOL-OTHER Pwned piper exploitation attempt, Too large and malformed Translogic packet”;dsize:>350; content:”TLPU”; depth:4; reference:cve,2021-37164; reference:url,https://www.armis.com/pwnedPiper; sid:9800001;)

Moreover, the researchers of Armies asserted that they will continue their investigation, and will try their best to find all the key details of the vulnerabilities. 

Since this attack is quite dangerous as it hampers all the delicate files and data of the hospital, therefore it is very important to follow the mitigation accordingly to bypass such vulnerability attacks in the future.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity, and hacking news updates.

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles