Cybersecurity researchers from Armis reported that nine vulnerabilities known as “PwnedPiper” could leave pneumatic tube systems (PTS) used in hospitals vulnerable to attacks.
The said PTS in question is the Translogic PTS system by Swisslog Healthcare which is used to transport blood samples in hospital settings to diagnostic laboratories securely for 80% of hospitals in the US.
TransLogic PTS is used by more than 2,300 hospitals in North America and more than 3,000 units worldwide.
“These vulnerabilities can enable an unauthenticated attacker to take over Translogic PTS stations and essentially gain complete control over the PTS network of a target hospital,” said Armis researchers Ben Seri and Barak Hadad.
Armis explained that only 5 out of 9 issues could be exploited by a remote attacker but are all still critical because it is used in health systems.
“The potential for pneumatic tube stations (where the firmware is deployed) to be compromised is dependent on a bad actor who has access to the facility’s information technology network and who could cause additional damage by leveraging these exploits,” said Swisslogic.
Armis said it informed Swisslog about its Nexus PTS control software vulnerability on May 1, 2021, while Swisslog is expected to release a patch for the disclosed vulnerabilities on August 2.
© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.