• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Advertise
  • Subscribe

MassDevice

The Medical Device Business Journal — Medical Device News & Articles | MassDevice

  • Latest News
  • Technologies
    • Artificial Intelligence (AI)
    • Cardiovascular
    • Orthopedics
    • Neurological
    • Diabetes
    • Surgical Robotics
  • Business & Finance
    • Wall Street Beat
    • Earnings Reports
    • Funding Roundup
    • Mergers & Acquisitions
    • Initial Public Offering (IPO)
    • Legal News
    • Personnel Moves
    • Medtech 100 Stock Index
  • Regulatory & Compliance
    • Food & Drug Administration (FDA)
    • Recalls
    • 510(k)
    • Pre-Market Approval (PMA)
    • MDSAP
    • Clinical Trials
  • Special Content
    • Special Reports
    • In-Depth Coverage
    • DeviceTalks
  • Podcasts
    • MassDevice Fast Five
    • DeviceTalks Weekly
    • OEM Talks
      • AbbottTalks
      • Boston ScientificTalks
      • DeviceTalks AI
      • IntuitiveTalks
      • MedtechWOMEN Talks
      • MedtronicTalks
      • Neuro Innovation Talks
      • Ortho Innovation Talks
      • Structural Heart Talks
      • StrykerTalks
  • Resources
    • About MassDevice
    • DeviceTalks
    • Newsletter Signup
    • Leadership in Medtech
    • Manufacturers & Suppliers Search
    • MedTech100 Index
    • Videos
    • Webinars
    • Whitepapers
    • Voices
Home » B,. Braun, Baxter, CareStream, Green Hills affected by Ripple20 cyber vulnerabilities

B,. Braun, Baxter, CareStream, Green Hills affected by Ripple20 cyber vulnerabilities

June 29, 2020 By Sean Whooley

The U.S.  Cybersecurity and Infrastructure Security Agency (CISA) said it is aware of vulnerabilities affecting Treck IP stack implications for embedded systems.

Known as Ripple20, the vulnerabilities allow a remote attacker to exploit and take control of an affected system, according to the CISA statement.

Among the affected companies were B. Braun, Baxter (NYSE:BAX), Green Hills Software and CareStream. CISA encouraged affected users and administrators to review the affected products for additional information and mitigations, as well as to update to the latest stable version of the Treck IP stack software.

B. Braun issued a statement saying that it is aware of the notification from CISA, sharing that the vulnerabilities exist in the third-party software used for network communication in its Outlook 400ES safety infusion pump system.

The company said it received 24 patches from Treck to resolve vulnerabilities, determining that 20 patches are not applicable to the Outlook 400 ES platform. It is not advising any customer action at this time.

Five versions of the Baxter Spectrum infusion system’s wireless battery modules are impacted by the reported vulnerabilities, according to a company statement. To date, the company has not received reports of impacted clinical use related to the vulnerabilities, while it also received a patch and is taking the necessary steps to mitigate any issues.

Additionally, Baxter said to isolate the Spectrum infusion systems to its own network in an effort to reduce the probability that a threat actor could execute an adjacent attack against the system. Additionally, the company recommended appropriate wireless network security protocols and, as a last resort, customers may disable the wireless operation of the pump.

Green Hills said in a statement that its GHnet v2 network stack is based on the network stack from Treck, although they are not identical. Green Hills added new features and fixed bugs, citing those advancements as a reason the vulnerabilities’ impact is less severe than it could have been.

Its Integrity real-time operating system will include fixes for vulnerabilities in future releases and Green Hills is also making patches available to customers on previous releases.

No additional information for the affected products at CareStream was provided, and the company is yet to release a written statement on the matter.

Filed Under: Big Data, Business/Financial News, Health Technology, Regulatory/Compliance, Software / IT Tagged With: B. Braun, Baxter, Carestream Health Inc., Cybersecurity, Green Hills Software, U.S. Department of Homeland Security

More recent news

  • Medtronic Diabetes names CFO with consumer experience ahead of separation
  • Preceptis Medical has a new CEO as it advances ear tube tech
  • FDA clears first over-the-counter cuffless blood pressure monitor
  • Mendaera wins FDA clearance for robotic needle placement
  • Johnson & Johnson seeks to have $442 million antitrust verdict tossed out

About Sean Whooley

Sean Whooley is an associate editor who mainly produces work for MassDevice, Medical Design & Outsourcing and Drug Delivery Business News. He received a bachelor's degree in multiplatform journalism from the University of Maryland, College Park. You can connect with him on LinkedIn or email him at [email protected].

Primary Sidebar

“md
EXPAND YOUR KNOWLEDGE AND STAY CONNECTED
Get the latest med device regulatory, business and technology news.

DeviceTalks Weekly

See More >

MEDTECH 100 Stock INDEX

Medtech 100 logo
Market Summary > Current Price
The MedTech 100 is a financial index calculated using the BIG100 companies covered in Medical Design and Outsourcing.
MDO ad

Footer

MASSDEVICE MEDICAL NETWORK

DeviceTalks
Drug Delivery Business News
Medical Design & Outsourcing
Medical Tubing + Extrusion
Drug Discovery & Development
Pharmaceutical Processing World
MedTech 100 Index
R&D World
Medical Design Sourcing

DeviceTalks Webinars, Podcasts, & Discussions

Attend our Monthly Webinars
Listen to our Weekly Podcasts
Join our DeviceTalks Tuesdays Discussion

MASSDEVICE

Subscribe to MassDevice E-Newsletter
Advertise with us
About
Contact us

Copyright © 2025 · WTWH Media LLC and its licensors. All rights reserved.
The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media.

Privacy Policy