The U.S. Homeland Security Dept. last week warned of cybersecurity vulnerabilities with the Medtronic Valleylab FT10 and FX8.
The DHS Industrial Control Systems Cyber Emergency Response Team, acting on research from Medtronic, said the Valleylab devices had vulnerabilities that could allow an attacker to overwrite files or remotely execute code that could result in a remote, non-root shell on the products. While network connections and ethernet ports are disabled, network connectivity can be enabled, according to the ICS-CERT.
Models affected by the warning include the Valleylab Exchange Client, version 3.4 and below, Valleylab FT10 Energy Platform software version 4.0.0 and below and Valleylab FX8 Energy Platform software version 1.1.0 and below.
Medtronic recommended users should minimize network exposure for medical devices and systems, locate medical devices behind firewalls and isolate them, restrict system access to authorized personnel only, apply defense-in-depth strategies and disable unnecessary accounts, protocols and services.