More than 150 IoT devices (including those used in the healthcare sector) from more than a hundred manufacturers are at risk of cyber attacks due to seven vulnerabilities in third-party components that provide remote access.
Three of the vulnerabilities are critical because they allow an attacker to remotely execute malicious code on the devices and take full control of them. The severity of the remaining four ranges from medium to high; with their help, attackers can steal data or cause a denial of service.
The problems affect various versions of the PTC Axeda agent and PTC Desktop Server, technologies used by many manufacturers of IoT devices to enable remote administration. The specialists of Forescout Vedere Labs and CyberMDX who discovered the vulnerabilities gave them the common name Access:7.
Vulnerable components are prevalent in connected medical devices used for screening, laboratory testing, radiation therapy and surgery.
Anonymized scanning of Forescout client networks revealed about 2,000 unique devices with vulnerable versions of Axeda. 55% of them are deployed in healthcare institutions, 24% – in organizations engaged in the development of IoT products, 8% – in IT, 5% – in the financial sector and 4% each – in manufacturing and other areas.
In addition to medical devices, the vulnerabilities also affect ATMs, SCADA systems, vending machines, cash management systems, IoT gateways and asset monitoring technologies. The problems are present in Axeda versions prior to 6.9.3. PTC has released fixes for all vulnerabilities.
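The advisory gives a single actionable fact for defenders: Axeda releases before 6.9.3 are affected. The following is an added example, not code from the advisory, PTC or Forescout, showing how an asset inventory can be triaged against that threshold. The inventory rows, device names and version strings are constructed for illustration; the only value taken from the page is the fixed version 6.9.3. Versions are compared as integer tuples rather than strings so that 6.10.0 is correctly treated as newer than 6.9.3, and assets that report no version are flagged as unknown rather than silently counted as patched.

```python
"""Added example (not from the advisory or from PTC/Forescout): flag Axeda
agent installs below the fixed version 6.9.3 in a constructed asset inventory.
Device names, sectors and version strings below are made up for illustration."""
from dataclasses import dataclass
from typing import Optional
import re

FIXED_VERSION = (6, 9, 3)  # first release containing the Access:7 fixes, per the advisory

# Constructed inventory rows: (device name, sector, reported Axeda agent version).
# None means the asset did not report a version and needs manual follow-up.
INVENTORY = [
    ("lab-analyzer-01", "healthcare", "6.9.2"),
    ("radiology-ws-07", "healthcare", "6.6.1"),
    ("atm-lobby-3", "finance", "6.9.3"),
    ("vending-gw-12", "manufacturing", "6.10.0"),
    ("iot-gw-02", "it", None),
]

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Turn '6.9.2' (or 'v6.9.2-build7') into a comparable tuple of ints.
    Returns None when the string does not look like a version, so callers can
    treat 'unknown' as 'needs review' rather than silently as 'safe'."""
    if text is None:
        return None
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def is_vulnerable_axeda(version_text):
    """True if the reported agent version predates the fixed release, False if
    it is 6.9.3 or later, None if the version could not be parsed.
    Integer tuples are compared, not raw strings: '6.10.0' is newer than
    '6.9.3' even though it sorts before it lexicographically."""
    parsed = parse_version(version_text)
    if parsed is None:
        return None  # unknown: flag for manual verification
    return parsed < FIXED_VERSION


@dataclass
class Finding:
    device: str
    sector: str
    version: Optional[str]
    status: str  # "vulnerable", "patched" or "unknown"


def triage(inventory):
    """Classify each asset and return the findings plus a per-sector count of
    vulnerable devices, the kind of breakdown the advisory reports."""
    findings = []
    per_sector = {}
    for device, sector, version in inventory:
        verdict = is_vulnerable_axeda(version)
        if verdict is None:
            status = "unknown"
        elif verdict:
            status = "vulnerable"
            per_sector[sector] = per_sector.get(sector, 0) + 1
        else:
            status = "patched"
        findings.append(Finding(device, sector, version, status))
    return findings, per_sector


if __name__ == "__main__":
    results, counts = triage(INVENTORY)
    for f in results:
        print(f"{f.device:18} {f.sector:14} {str(f.version):8} {f.status}")
    print("vulnerable per sector:", counts)
```

Running the script prints one line per asset and a per-sector tally of vulnerable devices; the "unknown" status is deliberately separate so that assets with no reported version end up on a follow-up list instead of disappearing from the count.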
The Access:7 vulnerabilities stem from the use of embedded (hard-coded) credentials, missing authentication mechanisms, insufficient restrictions on path names, and incorrect exception checking and handling.
Three critical remote code execution vulnerabilities: CVE-2022-25251 in the Axeda agent xGate.exe, CVE-2022-25246 in AxedaDesktopServer.exe and CVE-2022-25247 in the ERemoteServer.exe service.
The most common vulnerabilities in the gateway and library are CVE-2022-25249, CVE-2022-25250, CVE-2022-25251 and CVE-2022-25252.