Research from various connected device security associations discovered that an inaccurate threat actor could gain full control over some TransLogic PTS stations connected to the internet and then take over the whole PTS network of a target hospital.<\/p><\/p>\n\n\n\n
Respectively, the company detected nine sensitive vulnerabilities in the firmware powering the Nexus Control Panel for handling \u201call current models of Translogic PTS stations.\u201d <\/p><\/p>\n\n\n\n
While not all the bugs could be exploited by a remote attacker, their harshness level remains high provided a PTS\u2019 role in a hospital.<\/p><\/p>\n\n\n\n
Swisslog gets to know about the security concerns and states that they harm the HMI-3 circuit board in Nexus Panels connected to the internet. The company notes in an advisory this weekend that the affected PTS products \u201care setup primarily in hospitals within North America.\u201d Jennie McQuade, Chief Privacy Officer for Swisslog Healthcare, states that the security concerns are not present unless a mix of the variable exists.<\/p><\/p>\n\n\n\n
Swisslog states \u201cThe potential for pneumatic tube stations (where the firmware is set up) to be negotiated is dependent on a threat actors who has access to the facility\u2019s information technology network and who could cause additional damage by leveraging these exploits.\u201d<\/p><\/p>\n\n\n\n
When researching the code powering the TransLogic PTS, Armis found the below-mentioned vulnerabilities:<\/p><\/p>\n\n\n\n
- CVE-2021-37163: <\/strong>Two cases of always-active hardcoded credentials (user and root accounts), accessible over Telnet<\/li><\/ul>\n\n\n\n
- CVE-2021-37167: <\/strong>Privilege escalation; using the hardcoded passwords, a threat actor could run a user script with root privileges<\/li>
- CVE-2021-37166: <\/strong>Denial-of-service (DoS) caused by the GUI process of Nexus Control Panel binding a local service on the entire interface.<\/li><\/ul>\n\n\n\n
Four memory corruption flaws in the control protocol (TLP20) of TransLogic stations that could lead to remote code execution or at least a denial-of-service (DoS) conditions:<\/p><\/p>\n\n\n\n
- CVE-2021-37161: <\/strong>Underflow in udpRXThread<\/li>
- CVE-2021-37162: <\/strong>Overflow in sccProcessMsg<\/li>
- CVE-2021-37165: <\/strong>Overflow in hmiProcessMsg<\/li>
- CVE-2021-37164: <\/strong>Off-by-three stack overflow in tcpTxThretad <\/li><\/ul>\n\n\n\n
And the most serious from all of them:<\/p><\/p>\n\n\n\n
- CVE-2021-37160: <\/strong>Unencrypted, authenticated firmware updates on the Nexus Control Panel. A threat actor could appropriate it to install malicious firmware on the system, importantly taking full control over it.<\/li><\/ul>\n\n\n\n
All of these vulnerabilities are collectively dubbed \u2018PwnedPiper\u2019 by the investigators.<\/p><\/p>\n\n\n\n
![\"Major-Impacts-on-Hosptial-in-North-America-due-to-PwnedPiper-Critical-Bug-image1\"](\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Major-Impacts-on-Hosptial-in-North-America-due-to-PwnedPiper-Critical-Bug-image1.jpg\")
<\/figure><\/div>\n\n\n\nThey also reported the vulnerabilities on May 1 and worked with Swisslog to develop and test a possible patch (v7.2.5.7), as well as to discover mitigation steps for hospitable unable to apply the fix right away.<\/p><\/p>\n\n\n\n
How to Protect Again PwnedPiper Vulnerabilities?<\/strong><\/h2>\n\n\n\n
For a hospital that is unable to install the recent firmware update for TransLogic PTS. We provide the following steps to defend against all the probable PwnedPiper attacks:<\/p><\/p>\n\n\n\n
- Block all the use of Telnet (port 23) on the Translogic PTS stations (the Telnet service is not needed in production)<\/li>
- Set up access control lists (ACLs), in which Translogic PTS elements (stations, diverters, etc,) are only permitted to transmit with the Translogic central server (SCC). <\/li>
- Use the given Snort IDS rule to detect exploitation trials of CVE-2021-37161, CVE-2021-37162, and CVE-2021-37165:<\/li><\/ul>\n\n\n\n
Alert udp any any -> any 12345 (msg: \u201cPROTOCOL \u2013OTHER Pwneed piper exploitation attempt,<\/p><\/p>\n\n\n\n
Too small and malformed Translogic packet\u201d; dsize:<\/p><\/p>\n\n\n\n
- Use the below mentioned Snort IDS rule to detect exploitation attempts of CVE-2021-37164:<\/li><\/ul>\n\n\n\n
Alert udp any any -> any 12345 (msg: PrROTOCOL \u2013OTHER Pwend piper exploitation attempt, <\/p><\/p>\n\n\n\n
Too large and malformed TransLogic Packet\u201d; dsize:>350; <\/p><\/p>\n\n\n\n
Content: \u201cTLPU\u201d;<\/p><\/p>\n\n\n\n
depth :4; reference : cve, 2021-37164;)<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"
Pneumatic tube system (PTS) stations constantly used in thousands of hospitals across the world are vulnerable to a combination of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital\u2019s critical infrastructure as they are used to quickly deliver items like blood, tissue, lab samples, or medication assistance to […]<\/p>\n","protected":false},"author":2,"featured_media":2710,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"\n
Major Impacts on Hosptial in North America due to PwnedPiper Critical Bug - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Major Impacts on Hosptial in North America due to PwnedPiper Critical Bug - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"Pneumatic tube system (PTS) stations constantly used in thousands of hospitals across the world are vulnerable to a combination of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital\u2019s critical infrastructure as they are used to quickly deliver items like blood, tissue, lab samples, or medication assistance to […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-08-03T08:37:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-08-03T08:37:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Major-Impacts-on-Hosptial-in-North-America-due-to-PwnedPiper-Critical-Bug-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Major Impacts on Hosptial in North America due to PwnedPiper Critical Bug\",\"datePublished\":\"2021-08-03T08:37:33+00:00\",\"dateModified\":\"2021-08-03T08:37:35+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/\"},\"wordCount\":705,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/\",\"url\":\"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/\",\"name\":\"Major Impacts on Hosptial in North America due to PwnedPiper Critical Bug - Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2021-08-03T08:37:33+00:00\",\"dateModified\":\"2021-08-03T08:37:35+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Major Impacts on Hosptial in North America due to PwnedPiper Critical Bug\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Major Impacts on Hosptial in North America due to PwnedPiper Critical Bug - Xiarch Solutions Private Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/","og_locale":"en_US","og_type":"article","og_title":"Major Impacts on Hosptial in North America due to PwnedPiper Critical Bug - Xiarch Solutions Private Limited","og_description":"Pneumatic tube system (PTS) stations constantly used in thousands of hospitals across the world are vulnerable to a combination of nine critical security issues collectively referred to as PwnedPiper. PTS solutions are part of a hospital\u2019s critical infrastructure as they are used to quickly deliver items like blood, tissue, lab samples, or medication assistance to […]","og_url":"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/","og_site_name":"Xiarch Solutions Private Limited","article_publisher":"https:\/\/www.facebook.com\/xiarch\/","article_published_time":"2021-08-03T08:37:33+00:00","article_modified_time":"2021-08-03T08:37:35+00:00","og_image":[{"width":1000,"height":525,"url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/08\/Major-Impacts-on-Hosptial-in-North-America-due-to-PwnedPiper-Critical-Bug-featured-image.jpg","type":"image\/jpeg"}],"author":"Xiarch Security","twitter_card":"summary_large_image","twitter_creator":"@xiarch","twitter_site":"@xiarch","twitter_misc":{"Written by":"Xiarch Security","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/#article","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/"},"author":{"name":"Xiarch Security","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c"},"headline":"Major Impacts on Hosptial in North America due to PwnedPiper Critical Bug","datePublished":"2021-08-03T08:37:33+00:00","dateModified":"2021-08-03T08:37:35+00:00","mainEntityOfPage":{"@id":"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/"},"wordCount":705,"commentCount":0,"publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"articleSection":["Vulnerabilities"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/","url":"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/","name":"Major Impacts on Hosptial in North America due to PwnedPiper Critical Bug - Xiarch Solutions Private Limited","isPartOf":{"@id":"https:\/\/xiarch.com\/blog\/#website"},"datePublished":"2021-08-03T08:37:33+00:00","dateModified":"2021-08-03T08:37:35+00:00","breadcrumb":{"@id":"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/xiarch.com\/blog\/major-impacts-on-hosptial-in-north-america-due-to-pwnedpiper-critical-bug\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/xiarch.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Major Impacts on Hosptial in North America due to PwnedPiper Critical Bug"}]},{"@type":"WebSite","@id":"https:\/\/xiarch.com\/blog\/#website","url":"https:\/\/xiarch.com\/blog\/","name":"Xiarch Solutions Private Limited","description":"","publisher":{"@id":"https:\/\/xiarch.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/xiarch.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/xiarch.com\/blog\/#organization","name":"Xiarch","url":"https:\/\/xiarch.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","contentUrl":"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png","width":300,"height":300,"caption":"Xiarch"},"image":{"@id":"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/xiarch\/","https:\/\/twitter.com\/xiarch","https:\/\/www.linkedin.com\/company\/xiarch"]},{"@type":"Person","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c","name":"Xiarch Security","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g","caption":"Xiarch Security"},"sameAs":["https:\/\/xiarch.com\/blog\/"],"url":"https:\/\/xiarch.com\/blog\/author\/vector\/"}]}},"_links":{"self":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2708"}],"collection":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/comments?post=2708"}],"version-history":[{"count":1,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2708\/revisions"}],"predecessor-version":[{"id":2712,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/posts\/2708\/revisions\/2712"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media\/2710"}],"wp:attachment":[{"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/media?parent=2708"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/categories?post=2708"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xiarch.com\/blog\/wp-json\/wp\/v2\/tags?post=2708"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- Use the below mentioned Snort IDS rule to detect exploitation attempts of CVE-2021-37164:<\/li><\/ul>\n\n\n\n
- CVE-2021-37162: <\/strong>Overflow in sccProcessMsg<\/li>
- CVE-2021-37166: <\/strong>Denial-of-service (DoS) caused by the GUI process of Nexus Control Panel binding a local service on the entire interface.<\/li><\/ul>\n\n\n\n
- CVE-2021-37167: <\/strong>Privilege escalation; using the hardcoded passwords, a threat actor could run a user script with root privileges<\/li>