[Mud] [Dumpsterfire] Vulnerabilities found in GE anesthesia machines (fwd) José María Mateos via Dumpsterfire
Michael Richardson <mcr@sandelman.ca> Wed, 17 July 2019 21:26 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: mud@ietfa.amsl.com
Delivered-To: mud@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32CA7120116 for <mud@ietfa.amsl.com>; Wed, 17 Jul 2019 14:26:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 94jlCG1Qgncz for <mud@ietfa.amsl.com>; Wed, 17 Jul 2019 14:25:58 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAE2F120113 for <mud@ietf.org>; Wed, 17 Jul 2019 14:25:57 -0700 (PDT)
Received: from sandelman.ca (unknown [IPv6:2607:f0b0:f:2:56b2:3ff:fe0b:d84]) by tuna.sandelman.ca (Postfix) with ESMTP id 902CD3808A for <mud@ietf.org>; Wed, 17 Jul 2019 17:25:51 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id F2FC6AC2 for <mud@ietf.org>; Wed, 17 Jul 2019 17:25:55 -0400 (EDT)
From: Michael Richardson <mcr@sandelman.ca>
To: mud@ietf.org
X-Mailer: MH-E 8.6; nmh 1.7+dev; GNU Emacs 24.5.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
Message-Id: <20190717212555.F2FC6AC2@sandelman.ca>
Date: Wed, 17 Jul 2019 17:25:55 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/mud/Cotu9rTK9_Rt79hdyCOsTqRjNZ4>
Subject: [Mud] [Dumpsterfire] Vulnerabilities found in GE anesthesia machines (fwd) José María Mateos via Dumpsterfire
X-BeenThere: mud@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Discussion of Manufacturer Ussage Descriptions <mud.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mud>, <mailto:mud-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mud/>
List-Post: <mailto:mud@ietf.org>
List-Help: <mailto:mud-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mud>, <mailto:mud-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Jul 2019 21:26:00 -0000
--- Begin Message ---Via RISKS Digest 31.33: https://www.zdnet.com/article/vulnerabilities-found-in-ge-anesthesia-machines/ GE recommends not connecting vulnerable anesthesia machines to hospital networks. Security researchers have discovered vulnerabilities in two models of hospital anesthesia machines manufactured by General Electric (GE). The two devices found to be vulnerable are GE Aestiva and GE Aespire -- models 7100 and 7900. According to researchers from CyberMDX, a healthcare cybersecurity firm, the vulnerabilities reside in the two devices' firmware. CyberMDX said attackers on the same network as the devices -- a hospital's network -- can send remote commands that can alter devices' settings. The researcher claims the commands can be used to make unauthorized adjustments to the anesthetic machines' gas composition, such as modifying the concentration of oxygen, CO2, N2O, and other anesthetic agents, or the gas' barometric pressure. Cheers, -- José María (Chema) Mateos || https://rinzewind.org ********************************************************************** The Dumpsterfire mailing list is hosted by firemountain.net. To unsubscribe or change delivery options: http://www.firemountain.net/mailman/listinfo/dumpsterfire--- End Message ---
- [Mud] [Dumpsterfire] Vulnerabilities found in GE … Michael Richardson