CVE-2021-37164:
Stack-based buffer overflow vulnerability in Swisslog Healthcare Nexus Panel HMI3 Control Panel allows remote attackers to execute arbitrary code.
Score
9.8 Critical
- Published Date: Aug 2, 2021
- CISA KEV Date: *No Data*
- Industries Affected: 20
Threat Predictions
- EPSS Score: 0.8
- EPSS Percentile: 74%
Exploitability
- Score: 3.9
- Attack Vector: NETWORK
- Attack Complexity: LOW
- Privileges Required: NONE
- User Interaction: NONE
- Scope: UNCHANGED
Impact
- Score: 5.9
- Confidentiality Impact: HIGH
- Integrity Impact: HIGH
- Availability Impact: HIGH
Overview
This vulnerability affects the Swisslog Healthcare Nexus Panel, which is a component of pneumatic tube systems widely used in hospitals for transporting medications, lab samples, and other critical materials. The issue is a CWE-787 (Out-of-bounds Write) vulnerability in the tcpTxThread function that processes network data. When the function copies received data to a stack buffer, an off-by-3 condition can occur, resulting in a stack-based buffer overflow. This could allow attackers to execute arbitrary code with the privileges of the running application, potentially leading to complete system compromise. This vulnerability is part of a larger set of vulnerabilities discovered in the Swisslog Healthcare pneumatic tube system, collectively known as "PwnedPiper."
Remediation
To mitigate this vulnerability, organizations should:
1. Update to Nexus Software version 7.2.5.7 or later, which contains fixes for this vulnerability.
2. If immediate patching is not possible, implement network segmentation to isolate the pneumatic tube system from other hospital networks.
3. Monitor network traffic to and from the Nexus Panel for suspicious activity.
4. Consider implementing additional access controls to restrict who can communicate with the system.
5. Contact Swisslog Healthcare support for assistance with security updates and best practices for securing your pneumatic tube system.
References
1. Swisslog Healthcare Vendor Advisory: https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37164-bulletin---off-by-three-stack-overflow-in-tcptxthread.pdf
2. Swisslog Healthcare CVE Disclosures: https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures
3. Armis PwnedPiper Research: https://www.armis.com/PwnedPiper (Note: Link may be broken, check for updated information)
4. Swisslog Healthcare Product Information: https://www.swisslog-healthcare.com
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.