Critical vulnerabilities in a software agent that’s used for remote management could allow hackers to execute malicious code and commands on thousands of medical and other types of devices from healthcare, manufacturing and other industries. Patches have been issued by the software agent’s developer, but most of the affected device vendors will need to release their own updates.
In the meantime, users should mitigate the risks by doing network segmentation and blocking some of the communication ports that can be used to exploit the vulnerabilities.
Seven vulnerabilities on the Axeda platform
Seven flaws ranging in severity from critical to medium were discovered in the Axeda platform by researchers from Forescout and CyberMDX. Axeda was a standalone solution, but is now owned by computer software and services company PTC, which develops solutions for the industrial IoT market.