Advisory Issued After 8 Vulnerabilities Discovered in Natus Xltek NeuroWorks Software

ICS-CERT has issued an advisory following the discovery of eight vulnerabilities in version 8 of Natus Xltek NeuroWorks software used in Natus Xltek EEG medical products.

The XLTEK EMU128 package, designed specifically for epilepsy monitoring, allows for flexibility in set up and configuration. Four X 32 channel input boxes can be connected to the EMU128. The EMU128 permits single or multiple channel configurations including grid electrodes up to 128 channels.

If the vulnerabilities are successfully exploited they could allow a malicious actor to crash a vulnerable device or trigger a buffer overflow condition that would allow remote code execution. All eight vulnerabilities have been assigned a CVSS v3 score above 7.0 and are rated high.

Three of the vulnerabilities – tracked as CVE-2017-2853, CVE-2017-2868, and CVE-2017-2869 – have been assigned a CVSS v3 base score of 10, the highest possible score. CVE-2017-2867 has been assigned a base score of 9.0, with the other four vulnerabilities – CVE-2017-2852, CVE-2017-2858, CVE-2017-2860, and CVE-2017-2861 – given a rating of 7.5.

The vulnerabilities are a combination of stack-based buffer overflow and out-of-bounds read vulnerabilities. CVE-2017-2853 would allow an attacker to cause a buffer overflow by sending a specially crafted packet to an affected product while the product attempts to open a file requested by the client. CVE-2017-2868 and CVE-2017-2869 relate to flaws in how the program parses data structures. Exploitation would allow an attacker to trigger a buffer overflow and execute arbitrary code, allowing the attacker to take full control of the affected system.

The vulnerabilities were discovered by security researcher Cory Duplantis from Cisco Talos who reported them to Natus. Natus took immediate action and has now released an updated version of its software which corrects all of the flaws. To date there have been no reported instances of the vulnerabilities being exploited in the wild, and no public exploits for the vulnerabilities are known.

Natus recommends that all users of the vulnerable software update to NeuroWorks/SleepWorks 8.5 GMA 3 as soon as possible. The update is available free of charge for users of NeuroWorks/SleepWorks Version 8.0, 8.1, 8.4, or 8.5. The Natus Neuro technical support department should be contacted for further information.

In addition to updating to the latest version of the software, organizations can take further steps to limit the potential for zero-day vulnerabilities to be exploited. The National Cybersecurity & Communications Integration Center (NCCIC) recommends minimizing network exposure for all control systems and devices and ensuring they are not accessible over the Internet. Control systems and remote devices should be located behind firewalls and should be isolated from the business network. If remote access is necessary, secure methods should be used to connect, such as Virtual Private Networks (VPNs), which should be kept up to date.