ATMs, Medical and IoT Devices get affected by Supply Chain vulnerabilities
By MYBRANDBOOK
Seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices.
Collectively called "Access:7," the weaknesses – three of which are rated Critical in severity – potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk.
Besides medical imaging and laboratory machines, vulnerable devices include everything from ATMs, vending machines, cash management systems, and label printers to barcode scanning systems, SCADA systems, asset monitoring and tracking solutions, IoT gateways, and industrial cutters.
Of the 100 impacted device vendors, 55% belong to the healthcare sector, followed by IoT (24%), IT (8%), financial services (5%), and manufacturing (4%) industries. No less than 54% of the customers with devices running Axeda have been identified in the healthcare sector.
The flaws, which affect all versions of the Axeda Agent prior to 6.9.3, were reported as part of a coordinated disclosure process that involved the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Health Information Sharing and Analysis Center (H-ISAC), and the Food and Drug Administration (FDA).
Listed below are the seven flaws discovered:
· CVE-2022-25246 – The use of hard-coded credentials in the AxedaDesktopServer.exe service that could enable remote takeover of a device
· CVE-2022-25247 – A flaw in ERemoteServer.exe that could be leveraged to send specially crafted commands to obtain Remote code execution (RCE) and full file system access
· CVE-2022-25251 – Missing authentication in the Axeda xGate.exe agent that could be used to modify the agent's configuration
· CVE-2022-25249 – A directory traversal flaw in the Axeda xGate.exe agent which could allow a remote unauthenticated attacker to obtain file system read access on the web server
· CVE-2022-25250 – A denial-of-service (DoS) flaw in the Axeda xGate.exe agent by injecting an undocumented command
· CVE-2022-25252 – A buffer overflow vulnerability in the Axeda xBase39.dll component that could result in a DoS
· CVE-2022-25248 – An information disclosure flaw in the ERemoteServer.exe service that exposes the live event text log to unauthenticated parties
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : MUKESH D. AMBANI
Mukesh Dhirubhai Ambani is an Indian businessman and the chairman and ...
Icons Of India : Dr. Arvind Gupta
Arvind Gupta is the Head and Co-Founder of the Digital India Foundatio...
Icons Of India : AALOK KUMAR
Aalok Kumar is celebrated as a global leader and recipient of the Peop...
BSE - Bombay Stock Exchange
The Bombay Stock Exchange (BSE) is one of India’s largest and oldest...
C-DOT - Center of Development of Telematics
India’s premier research and development center focused on telecommu...
CSC - Common Service Centres
CSC initiative in India is a strategic cornerstone of the Digital Indi...
Indian Tech Talent Excelling The Tech World - NEAL MOHAN, CEO - Youtube
Neal Mohan, the CEO of YouTube, has a bold vision for the platform’s...
Indian Tech Talent Excelling The Tech World - George Kurian, CEO, Netapp
George Kurian, the CEO of global data storage and management services ...
Indian Tech Talent Excelling The Tech World - JAYASHREE ULLAL, President and CEO - Arista Network
Jayshree V. Ullal is a British-American billionaire businesswoman, ser...