Siemens is warning customers that some of its CT and PET scanning machines have a pair of remotely exploitable vulnerabilities that attackers can use to execute arbitrary code.
The flaws actually lie in Windows XP, the operating system on which the imaging equipment runs. One of the vulnerabilities was disclosed earlier this summer, while the other is from 2008. Siemens officials said the bugs can be exploited by unauthenticated remote attackers and neither of them requires much skill to exploit. The older of the two vulnerabilities is an issue with the way Windows XP handles some RPC requests.
“An unauthenticated remote attacker could execute arbitrary code via a specially crafted Remote Procedure Call (RPC) request sent to the Server Service of affected Microsoft Windows systems,” the Siemens advisory says.
The other flaw can be exploited with a simple malicious HTTP request, the company said.
“An unauthenticated remote attacker could execute arbitrary code with the permissions of the web server by sending a specially crafted HTTP request to the WebDAV service,” the advisory says.
There aren’t any publicly known exploits available for these vulnerabilities, but Siemens has not yet published patches for either of them. The bugs affect several different models of CT, PET, and SPECT scanners, all of which are used for medical imaging.
Officials at the ICS-CERT recommended that until patches are available, customers segment off their machines as much as possible.
“Siemens is preparing updates for the affected products and recommends protecting network access to the Molecular Imaging products with appropriate mechanisms,” the ICS-CERT advisory says.