CVE-2021-37163:Default Credentials for Telnet Server in Swisslog Healthcare Nexus HMI3 Control Panel

splash
Back

Description Preview

The Swisslog Healthcare Nexus HMI3 Control Panel, operated by software versions prior to 7.2.5.7, contains two user accounts with hardcoded passwords. This insecure permissions issue allows unauthorized access to the system via Telnet, potentially enabling attackers to gain control of the pneumatic tube system used in hospital environments.

Overview

This vulnerability (CVE-2021-37163) is part of the "PwnedPiper" set of vulnerabilities discovered in Swisslog Healthcare's pneumatic tube system (PTS). The HMI3 Control Panel contains two user accounts with hardcoded credentials that can be used to access the system via Telnet. These default credentials cannot be changed by administrators, creating a persistent security risk. An attacker with network access to the device could use these credentials to gain unauthorized access to the system, potentially allowing them to execute arbitrary commands with the privileges of these accounts. This vulnerability could lead to system compromise, data theft, or disruption of critical hospital operations that rely on the pneumatic tube system for transporting medications, lab samples, and other essential items.

Remediation

  1. Update to Nexus Software version 7.2.5.7 or later, which addresses this vulnerability.
  2. If immediate patching is not possible, implement network segmentation to restrict access to the HMI3 Control Panel.
  3. Use firewall rules to block unauthorized Telnet access (port 23) to the affected devices.
  4. Monitor network traffic to detect potential exploitation attempts.
  5. Contact Swisslog Healthcare technical support for assistance with secure configuration and additional mitigation strategies.
  6. Conduct regular security assessments of your healthcare network infrastructure to identify similar vulnerabilities.

References

  1. Armis Security "PwnedPiper" Research: https://www.armis.com/PwnedPiper
  2. Swisslog Healthcare Product Information: https://www.swisslog-healthcare.com
  3. Vendor Security Advisory: https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37163-bulletin---default-credentials-for-the-telnet-server.pdf
  4. Swisslog Healthcare CVE Disclosures: https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures
  5. CWE-798: Use of Hard-coded Credentials: https://cwe.mitre.org/data/definitions/798.html

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Health Care & Social Assistance: Low
    Health Care & Social Assistance
  2. Educational Services: Low
    Educational Services
  3. Accommodation & Food Services: Low
    Accommodation & Food Services
  4. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  5. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  6. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  7. Construction: Low
    Construction
  8. Finance and Insurance: Low
    Finance and Insurance
  9. Information: Low
    Information
  10. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  11. Manufacturing: Low
    Manufacturing
  12. Mining: Low
    Mining
  13. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  14. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  15. Public Administration: Low
    Public Administration
  16. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing
  17. Retail Trade: Low
    Retail Trade
  18. Transportation & Warehousing: Low
    Transportation & Warehousing
  19. Utilities: Low
    Utilities
  20. Wholesale Trade: Low
    Wholesale Trade

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background