ICS-CERT alert issued for easily exploitable Siemens medical system vulnerabilities.
ICS-CERT alert issued for easily exploitable Siemens medical system vulnerabilities.

Several Siemens medical molecular imaging systems are vulnerable to a series of low level exploits triggering a The Department of Homeland Security's Industrial Control System Computer Emergency Response Team (ICS-CERT) alert.

The alert warns users of four vulnerabilities in the Siemens CT, PET, and SPECT scanners and workflow systems based on Windows 7 which could allow an attacker to execute code remotely that could potentially damage or compromise the safety of the system.

Siemens issued its own customer alert on July 26 but has yet to deliver a patch. Until patches are released, ICS-CERT recommends users minimize network exposure for all medical devices and/or systems, and ensure that they are not accessible from the Internet, locate all medical devices and remote devices behind firewalls, and isolate them from the business network, and use secure methods whenever remote access is required.

 Siemens recommends users ensure they have appropriate backups and system restoration procedures and that users contact a local Siemens customer service engineer or a Siemens regional support center for specific patch and remediation guidance information.