Cybersecurity Update
Medical Device Security
In an effort to maintain product security and customer satisfaction, Mindray evaluates known cybersecurity threats. These efforts include identifying to what extent known threats can impact patient care as well as the efficacy of released patches pertaining to any particular Mindray embedded operating system version.
TLStorm 2.0
On May 3, 2022, Armis Research published a report called TLStorm 2.0. Armis has discovered five vulnerabilities in the implementation of TLS communications in multiple models of Aruba and Avaya switches. Both vendors have been found to have switches vulnerable to remote code execution (RCE) vulnerabilities that can be exploited over the network.
Learn more>>
Log4j2
On December 9, 2021 a high severity vulnerability (CVE-2021-44228) referred to as Log4j2 was published on GitHub which impacts Apache Log4J and the affected version ranges from 2.0 to 2.14.1. The exploitation of vulnerabilities can cause unauthenticated remote code execution.
Learn more>>
Nucleus:13
On November 9, 2021, Forescout Research published a report called NUCLEUS:13. The report details research they conducted into the Nucleus NET, the TCP/IP stack of the Siemens owned Nucleus real-time operating system (RTOS), where they found 13 new vulnerabilities. These vulnerabilities will cause security risks to devices using the Nucleus RTOS.
Learn more>>
Print Nightmare Security
On July 7, 2021 Microsoft released “Out-of-Band” patches to address security vulnerabilities affecting the Windows operating system, these vulnerabilities are commonly known as “Print Nightmare” or “Chaos Print Nightmare”. The released patches (CVE-2021-1675 and CVE-2021-34527) address weaknesses which if exploited would allow a hacker to run arbitrary code with system level privileges.
Learn more>>
Urgent/11
On October 1, 2019 FDA issued a Safety Communications regarding the Urgent/11 Cybersecurity vulnerabilities. These vulnerabilities exist in a third-party software component, IPNet, used for network communications. IPNet is utilized in several real-time operating systems which may be incorporated into some medical devices. Mindray has not and does not use the identified operating systems in any product sold in North America.
Learn more>>
WannaCry Worm
The WannaCry Worm identified in May, 2017 impacted Windows Operating Systems around the world. Microsoft released a patch (MS17-010) to address the vulnerabilities exploited by the WannaCry Worm. Mindray has evaluated this patch and is ready to deploy where applicable. If you feel you have been exposed to WannaCry and would like more information, please contact Mindray Technical Support HIS group.
Learn more>>
Petya Malware
The Petya Malware was first identified in March 2016. Microsoft addressed the vulnerabilities exploited by Petya Malware in the Microsoft Patch (MS17-010). Mindray has evaluated this patch and is ready to deploy where applicable. If you feel you have been exposed to Petya Malware and would like more information, please contact Mindray Technical Support HIS group.
Learn more>>