A router vulnerability that was disclosed four years ago has returned, now affecting medical devices. The vulnerability has been given a rating of 9.8 and is tracked as CVE-2014-9222; 2014 is the year in which the vulnerability was originally discovered. The original vulnerability impacted residential gateway SOHO routers. The same flaw is now affecting these medical devices.
Which Devices Were Affected?
The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said that the vulnerability has been found in medical devices. The affected device is the Datacaptor Terminal, which was developed by Qualcomm Life subsidiary Capsule Technologies SAS. The gateways are used by hospitals to connect medical devices to the larger network infrastructure.
Who Found the Flaw?
CyberMDX has found the presence of the flaw in the software component “RomPager” from AllegroSoft which is used by the DTS Web interface. Versions of RomPager earlier than 4.07 are susceptible.
The company has reported its findings to Qualcomm Life, which has developed a firmware patch to resolve the security issue. “Capsule suggests that customers with any of these three versions of DTS disable the installed web server to mitigate the vulnerability,” the company said. “The web server is only employed for configuration during the initial deployment and is not required for the continued remote support of the device.”
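As an added example (not from the original article, the vendor, or the researchers): an inventory triage that applies the article's threshold, RomPager earlier than 4.07, to HTTP `Server` banners already collected from gateways, and treats a silent web port as the suggested mitigation being in place. The `RomPager/x.yy` banner format is an assumption about how the component identifies itself, and the host names and banners are constructed samples.

```python
import re

# Threshold from the article: RomPager versions earlier than 4.07 are susceptible.
FIXED = (4, 7)
# Assumed banner form, e.g. "RomPager/4.07 UPnP/1.0" (two-digit minor version).
BANNER_RE = re.compile(r"RomPager/(\d+)\.(\d+)", re.IGNORECASE)


def classify(banner):
    """Classify one gateway from its HTTP Server banner.

    banner is None when nothing answered on the web port, which is the
    state expected after the web server has been disabled.
    """
    if banner is None:
        return "web-server-disabled"
    match = BANNER_RE.search(banner)
    if not match:
        # Banner missing or rewritten: the version must be checked another way.
        return "unknown-verify-firmware"
    version = (int(match.group(1)), int(match.group(2)))
    # Integer tuples, not strings, so "10.0" does not sort before "4.07".
    return "susceptible" if version < FIXED else "at-or-above-4.07"


def triage(inventory):
    """Map each host in {host: banner_or_None} to its classification."""
    return {host: classify(banner) for host, banner in inventory.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = {
    "dts-ward-a.example": "RomPager/4.01 UPnP/1.0",
    "dts-ward-b.example": "RomPager/4.07 UPnP/1.0",
    "dts-icu.example": None,
    "dts-lab.example": "Allegro-Software-RomPager/4.34",
    "dts-er.example": "nginx",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:22} {status}")
```

A banner can be suppressed or altered, so an "at-or-above-4.07" or "unknown" result should be confirmed against the installed firmware version.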
The medical devices in which the critical vulnerabilities were discovered have been given a recall to have the security patches applied, and the recall was completely voluntary.