ATMs, Medical and IoT Devices Affected by Supply Chain Vulnerabilities
By MYBRANDBOOK
Seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices.
Collectively called "Access:7," the weaknesses – three of which are rated Critical in severity – potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk.
Besides medical imaging and laboratory machines, vulnerable devices include everything from ATMs, vending machines, cash management systems, and label printers to barcode scanning systems, SCADA systems, asset monitoring and tracking solutions, IoT gateways, and industrial cutters.
Of the 100 impacted device vendors, 55% belong to the healthcare sector, followed by IoT (24%), IT (8%), financial services (5%), and manufacturing (4%) industries. No less than 54% of the customers with devices running Axeda have been identified in the healthcare sector.
The flaws, which affect all versions of the Axeda Agent prior to 6.9.3, were reported as part of a coordinated disclosure process that involved the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Health Information Sharing and Analysis Center (H-ISAC), and the Food and Drug Administration (FDA).
Listed below are the seven flaws discovered:
· CVE-2022-25246 – The use of hard-coded credentials in the AxedaDesktopServer.exe service that could enable remote takeover of a device
· CVE-2022-25247 – A flaw in ERemoteServer.exe that could be leveraged to send specially crafted commands to obtain remote code execution (RCE) and full file system access
· CVE-2022-25251 – Missing authentication in the Axeda xGate.exe agent that could be used to modify the agent's configuration
· CVE-2022-25249 – A directory traversal flaw in the Axeda xGate.exe agent that could allow a remote unauthenticated attacker to obtain file system read access on the web server
· CVE-2022-25250 – A denial-of-service (DoS) flaw in the Axeda xGate.exe agent that can be triggered by injecting an undocumented command
· CVE-2022-25252 – A buffer overflow vulnerability in the Axeda xBase39.dll component that could result in a DoS
· CVE-2022-25248 – An information disclosure flaw in the ERemoteServer.exe service that exposes the live event text log to unauthenticated parties