Siemens Healthineers, a Siemens company that makes medical products, has disclosed multiple software products are impacted by the Remote Desktop Services (RDS) or BlueKeep vulnerability.
Microsoft released patches to fix the critical RDS flaw CVE-2019-0708 on Windows XP, 7, Server 2003 and Server 2008 OS. Vulnerable systems with exposed RDS ports/services could allow an unauthenticated attacker to connect via RDP and execute arbitrary code on the target system.
The Siemens Healthineers software products impacted by the BlueKeep vulnerability include:
- Medicalis Clinical Decision Support
- Medicalis Intelligo
- Medicalis Referral Management
- Medicalis Workflow Orchestrator
- Screening Navigator
- syngo Dynamics
- syngo Imaging
- syngo Plaza
- syngo Workflow MLR
- syngo Workflow SLR
- syngo.via View&GO
- syngo.via WebViewer
- teamplay (receiver software only)
Nearly all of the medical product versions in the list are impacted by BlueKeep. The exception being syngo Dynamics, which affects VA10 and earlier versions.
Security experts are warning of increased scanning activity this past weekend for systems vulnerable to BlueKeep, which raises awareness for organizations to take the threat seriously.
Siemens recommends organizations update affected products with Microsoft patches as soon as possible. The company also recommends companies have appropriate backups and system restoration procedures in place, as well as updated antivirus signatures/patterns and secure configuration of devices.