Threat Intel: ICS Medical Advisory: ZOLL Defibrillator Dashboards

Severe remotely exploitable vulnerabilities found in ZOLL Defibrillator Dashboards, versions prior to 2.2
Cynerio
Jun 11, 2021
Threat Intelligence

Vulnerability Information

CISA released ICS Medical Advisory (ICSMA-21-161-01) on June 10, 2021, detailing six newly discovered vulnerabilities in ZOLL Defibrillator Dashboards. The vulnerabilities have a CVSS v3 base score of 9.9. These vulnerabilities are remotely executable and are of low attack complexity.

Devices Affected

The ZOLL Defibrillator Dashboard, versions prior to 2.2, are affected by these vulnerabilities. This product is a device management platform.

Vulnerability Details

Successful exploits of these vulnerabilities can enable remote code execution and unauthorized access to credentials. They may also enable attackers to block accessibility to the application, hindering the device's functionality.

  1. CVE-2021-27489 - This vulnerability has a CVSS v3 base score of 9.9. It is a web application that enables non-administrative users to upload malicious files, possibly leading to the remote execution of arbitrary commands. 
  2. CVE-2021-27481 - This vulnerability has a CVSS v3 base score of 7.1. It can allow attackers to access sensitive information using a vulnerable, hardcoded, encryption key in the data exchange process.
  3. CVE-2021-27487 - This vulnerability has a CVSS v3 base score of 7.1. It also can allow attackers to gain access to sensitive information by utilizing credentials stored in plaintext.
  4. CVE-2021-27479 - This vulnerability has a CVSS v3 base score of 4.6. It can enable the product's web application to allow low privilege users to inject parameters containing malicious scripts which can then be inadvertently executed by higher privilege users.
  5. CVE-2021-27485 - This vulnerability has a CVSS v3 base score of 7.1. It exploits a vulnerability in the application that allows users to store credentials (passwords) in recoverable formats. This can enable attackers to gain access to credentials via a web browser.
  6. CVE-2021-27483 - This vulnerability has a CVSS v3 base score of 5.3. Affected devices have insecure filesystem permissions. Attackers exploiting this vulnerability can enable lower privilege users to escalate privileges to the administrative level.

Impact on Healthcare

If any of these vulnerabilities are successfully exploited, they could enable attackers to exfiltrate sensitive data like ePHI. They can also allow attackers to tamper with access to the application, rendering the defibrillators relying on it useless, directly affecting the ability to use this life-saving device in patient care.

What You Can Do to Mitigate the Threat?

ZOLL recommends upgrading all affected devices to the latest version of Defibrillator Version 2.2 or later. Frequent device checks should be performed to ensure device readiness and optimal functionality.

To minimize the risk, devices should not be allowed to access the internet. For required remote access, VPNs should be used. 

How Cynerio Can Help?

Cynerio is always working to ensure the security of your medical devices. We will:

  1. Conduct continuous monitoring to identify every device affected on your network
  2. Flag affected devices and, where possible, direct you to the appropriate patch provided by the vendor
  3. Work closely with you to configure operationally-safe segmentation policies that limit devices' access to the internet and block remote access. 

Some More Helpful Resources

https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 

https://www.zoll.com 


Keep your finger on the pulse of Healthcare IoT security

Get Your Free Pass to HIMSS21

August 9 -13, Las Vegas

HOW? Easy! If you are a Healthcare IT Executive and you book a 30-minute call with us before July 30th, you get a free pass (valued at $1295)

Book a Call

*Please note that there is limited pass availability