Select Page

As many as seven security vulnerabilities have been disclosed in PTC’s Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices.

Collectively called “Access:7,” the weaknesses – three of which are rated Critical in severity – potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk.

PTC’s Axeda solution includes a cloud platform that allows device manufacturers to establish connectivity to remotely monitor, manage and service a wide range of connected machines, sensors, and devices via what’s called the agent, which is installed by the OEMs before the devices are sold to customers.

“Access:7 could enable hackers to remotely execute malicious code, access sensitive data, or alter configuration on medical and IoT devices running PTC’s Axeda remote code and management agent,” researchers from Forescout and CyberMDX said in a joint report published today.

Of the 100 impacted device vendors, 55% belong to the healthcare sector, followed by IoT (24%), IT (8%), financial services (5%), and manufacturing (4%) industries. No less than 54% of the customers with devices running Axeda have been identified in the healthcare sector.

Besides medical imaging and laboratory machines, vulnerable devices include everything from ATMs, vending machines, cash management systems, and label printers to barcode scanning systems, SCADA systems, asset monitoring and tracking solutions, IoT gateways, and industrial cutters.

images from Hacker News