PTC has issued patches for seven vulnerabilities — three critical — in its widely used Axeda remote management technology.
More than 150 Internet of Things (IoT) devices — including many that are used in the healthcare sector — from over 100 companies are at heightened risk of attack from a set of seven vulnerabilities in a third-party remote access component in the devices.
Three of the bugs are rated as critical because they enable attackers to remotely execute malicious code on vulnerable devices to take full control of them. The remaining vulnerabilities have moderate to high severity ratings and give attackers a way to steal data or to execute denial-of-service attacks.
The vulnerabilities are present in multiple versions of PTC Axeda agent and PTC Desktop Server — technologies that many IoT vendors incorporate in their devices to enable remote access and management. Researchers from Forescout’s Vedere Labs and CyberMDX who discovered the vulnerabilities are tracking them collectively as “Access:7.”
In a report summarizing their findings this week, the researchers described the buggy component as especially prevalent in Internet-connected devices used in the healthcare sector, such as medical imaging, lab, radiotherapy, and surgical technologies. Forescout said an anonymized scan of its customer networks uncovered some 2,000 unique devices with vulnerable versions of Axeda on them. Of those, 55% were deployed in healthcare organizations, 24% in organizations developing IoT products, 8% in IT, 5% in financial services environments, 4% in manufacturing,