CVE-2021-37166:
Buffer overflow vulnerability in Swisslog Healthcare Nexus Panel HMI3 Control Panel leading to denial of service.
Score
A numerical rating that indicates how dangerous this vulnerability is.
7.5High- Published Date:Aug 2, 2021
- CISA KEV Date:*No Data*
- Industries Affected:20
Threat Predictions
- EPSS Score:0.9
- EPSS Percentile:75%
Exploitability
- Score:3.9
- Attack Vector:NETWORK
- Attack Complexity:LOW
- Privileges Required:NONE
- User Interaction:NONE
- Scope:UNCHANGED
Impact
- Score:3.6
- Confidentiality Impact:NONE
- Integrity Impact:NONE
- Availability Impact:HIGH
Description Preview
Buffer overflow vulnerability in Swisslog Healthcare Nexus Panel HMI3 Control Panel leading to denial of service.
Overview
The vulnerability exists in the HMI3 Control Panel component of Swisslog Healthcare's Nexus Panel systems, which are commonly used in healthcare environments for pneumatic tube transport systems. During system startup, the HMI3 component binds a local service to a TCP port that is accessible on all network interfaces. The issue arises from the significant delay between when this service is started and when the GUI attempts to connect to the TCP socket. This delay creates a window of opportunity for an attacker to hijack the connection. The buffer overflow vulnerability can be exploited to cause a denial of service condition, potentially disrupting the pneumatic tube system's normal operation. This vulnerability is part of a series of security issues discovered in Swisslog Healthcare systems, collectively referred to as "PwnedPiper" by security researchers at Armis.
Remediation
- Organizations using affected Swisslog Healthcare Nexus Panel systems should:
- 1. Update to Nexus Software version 7.2.5.7 or later, which contains fixes for this vulnerability.
- 2. Implement network segmentation to restrict access to the Nexus Panel systems from untrusted networks.
- 3. Monitor network traffic to and from these systems for suspicious activities.
- 4. Consider implementing compensating controls such as firewall rules to block unauthorized access to the affected TCP ports if immediate patching is not possible.
- 5. Contact Swisslog Healthcare support for additional guidance and assistance with remediation.
- 6. Develop and test contingency plans for manual operations in case the pneumatic tube system becomes unavailable due to exploitation of this vulnerability.
References
- 1. Swisslog Healthcare Vendor Advisory: https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37166-bulletin---gui-socket-denial-of-service.pdf
- 2. Swisslog Healthcare CVE Disclosures: https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures
- 3. Armis PwnedPiper Research: https://www.armis.com/PwnedPiper (Note: This link may be broken)
- 4. Swisslog Healthcare Product Information: https://www.swisslog-healthcare.com
- 5. MITRE CWE-120 (Buffer Copy without Checking Size of Input): https://cwe.mitre.org/data/definitions/120.html
Industries Affected
Below is a list of industries most commonly impacted or potentially at risk based on intelligence.
