ATMs, Medical and IoT Devices get affected by Supply Chain vulnerabilities
By MYBRANDBOOK
Seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices.
Collectively called "Access:7," the weaknesses – three of which are rated Critical in severity – potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk.
Besides medical imaging and laboratory machines, vulnerable devices include everything from ATMs, vending machines, cash management systems, and label printers to barcode scanning systems, SCADA systems, asset monitoring and tracking solutions, IoT gateways, and industrial cutters.
Of the 100 impacted device vendors, 55% belong to the healthcare sector, followed by IoT (24%), IT (8%), financial services (5%), and manufacturing (4%) industries. No less than 54% of the customers with devices running Axeda have been identified in the healthcare sector.
The flaws, which affect all versions of the Axeda Agent prior to 6.9.3, were reported as part of a coordinated disclosure process that involved the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Health Information Sharing and Analysis Center (H-ISAC), and the Food and Drug Administration (FDA).
Listed below are the seven flaws discovered:
· CVE-2022-25246 – The use of hard-coded credentials in the AxedaDesktopServer.exe service that could enable remote takeover of a device
· CVE-2022-25247 – A flaw in ERemoteServer.exe that could be leveraged to send specially crafted commands to obtain remote code execution (RCE) and full file system access
· CVE-2022-25251 – Missing authentication in the Axeda xGate.exe agent that could be used to modify the agent's configuration
· CVE-2022-25249 – A directory traversal flaw in the Axeda xGate.exe agent which could allow a remote unauthenticated attacker to obtain file system read access on the web server
· CVE-2022-25250 – A denial-of-service (DoS) flaw in the Axeda xGate.exe agent that can be triggered by injecting an undocumented command
· CVE-2022-25252 – A buffer overflow vulnerability in the Axeda xBase39.dll component that could result in a DoS
· CVE-2022-25248 – An information disclosure flaw in the ERemoteServer.exe service that exposes the live event text log to unauthenticated parties