The Department of Homeland Security issued an advisory Friday after Siemens identified four vulnerabilities in its Molecular Imaging products running on Windows 7.
Munich, Germany-based Siemens is preparing updates for the affected products, which are used in medical imaging, according to the advisory.
DHS reports in the report that these vulnerabilities could be exploited remotely, and an unauthenticated remote attacker could execute arbitrary code by sending crafted HTTP requests to the Microsoft web server of affected devices. Exploits that target these vulnerabilities are known to be publicly available.
Siemens reports that the vulnerabilities affect the following products: Siemens PET/CT Systems: All Windows 7-based versions; Siemens SPECT/CT Systems: All Windows 7-based versions; Siemens SPECT Systems: All Windows 7-based versions, and Siemens SPECT Workplaces/Symbia.net: All Windows 7-based versions.
Siemens is working on updates for the affected products, but is recommending organizations take precautions, such as protecting network access to the Molecular Imaging products with appropriate mechanisms. The company also recommends that users have appropriate backups and system restoration procedures.
