https://cert-portal.siemens.com/productcert/rss/advisories_healthcare_products.atomSiemens ProductCERT Security Advisories2020-01-14T00:00:00+00:00Siemens ProductCERTproductcert@siemens.comSiemens ProductCERTSiemens Security Advisorieshttps://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdfSSA-616199 (Last Update: 2020-01-14): BlueKeep Vulnerability Identified in RAPIDPoint® 500 Operating on Windows XP2020-01-14T00:00:00+00:00<p>Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network.</p>
<p>RAPIDPoint® 500 systems operating on Windows XP are affected by this vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-187667.pdfSSA-187667 (Last Update: 2019-09-10): DejaBlue Vulnerabilities - Siemens Healthineers Products2019-09-10T00:00:00+00:00<p>Microsoft has released updates for several versions of Microsoft Windows, which fix vulnerabilities in the Remote Desktop Service that are discussed under the name DejaBlue. The vulnerabilities could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network.</p>
<p>All Siemens Healthineers products from all business lines have been evaluated. Most Siemens Healthineers products are not affected by the vulnerabilities because they do not provide the option to activate the Remote Desktop Service, implement other controls that mitigate the vulnerabilities, use a version of Microsoft Windows that is not affected, or are not based on Microsoft Windows.</p>
<p>This advisory provides a full list of affected products from Siemens Healthineers and provides recommendations to mitigate the vulnerabilities.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdfSSA-166360 (Last Update: 2019-07-09): Vulnerability in Advanced Therapy Products from Siemens Healthineers2019-07-09T00:00:00+00:00<p>Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network.</p>
<p>Some Advanced Therapy products from Siemens Healthineers are affected by this vulnerability. The exploitability of the vulnerability depends on the actual configuration and deployment environment of each product.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdfSSA-616199 (Last Update: 2019-07-09): BlueKeep Vulnerability Identified in RAPIDPoint® 500 Operating on Windows XP2019-07-09T00:00:00+00:00<p>Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network.</p>
<p>RAPIDPoint® 500 systems operating on Windows XP are affected by this vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdfSSA-832947 (Last Update: 2019-07-09): Vulnerability in Laboratory Diagnostics Products from Siemens Healthineers2019-07-09T00:00:00+00:00<p>Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network.</p>
<p>The majority of Laboratory Diagnostic products are not affected by this vulnerability. However, some products are affected and listed below. The exploitability of the vulnerability depends on the actual configuration and deployment environment of each product.</p>
<p>At the time of advisory publication no public exploitation of this security vulnerability was known.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-166360.pdfSSA-166360 (Last Update: 2019-05-24): Vulnerability in Advanced Therapy Products from Siemens Healthineers2019-05-24T00:00:00+00:00<p>Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network.</p>
<p>Some Advanced Therapy products from Siemens Healthineers are affected by this vulnerability. The exploitability of the vulnerability depends on the actual configuration and deployment environment of each product.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-406175.pdfSSA-406175 (Last Update: 2019-05-24): Vulnerability in Siemens Healthineers Software Products2019-05-24T00:00:00+00:00<p>Microsoft has released updates for Windows XP, Windows 7, Windows Server 2008, and Windows Server 2008 R2 to fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code in the target system if the system exposes the service to the network.</p>
<p>Some Siemens Healthineers software products are affected by this vulnerability. The exploitability of the vulnerability depends on the specific configuration and deployment environment of each product.</p>
<p>Siemens Healthineers recommends installing the appropriate security patches released by Microsoft. The compatibility of Microsoft security patches with products from Siemens Healthineers that are beyond their End of Support date cannot be guaranteed.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-433987.pdfSSA-433987 (Last Update: 2019-05-24): Vulnerability in Radiation Oncology Products from Siemens Healthineers2019-05-24T00:00:00+00:00<p>Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network.</p>
<p>One Radiation Oncology product from Siemens Healthineers is affected by this vulnerability.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-832947.pdfSSA-832947 (Last Update: 2019-05-24): Vulnerability in Laboratory Diagnostics Products from Siemens Healthineers2019-05-24T00:00:00+00:00<p>Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network.</p>
<p>The majority of Laboratory Diagnostic products are not affected by this vulnerability. However, some products are affected and are listed below. The exploitability of the vulnerability depends on the actual configuration and deployment environment of each product.</p>
<p>At the time of advisory publication no public exploitation of this security vulnerability was known.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-932041.pdfSSA-932041 (Last Update: 2019-05-24): Vulnerability in Radiography and Mobile X-ray Products from Siemens Healthineers2019-05-24T00:00:00+00:00<p>Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network.</p>
<p>Some Radiography and Mobile X-ray products from Siemens Healthineers are affected by this vulnerability. The exploitability of the vulnerability depends on the actual configuration and deployment environment of each product.</p>
<p>Siemens Healthineers recommends contacting Siemens Healthineers service desk.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-616199.pdfSSA-616199 (Last Update: 2019-05-24): Vulnerability in Point of Care Diagnostics Products from Siemens Healthineers - Blood Gas2019-05-24T00:00:00+00:00<p>Microsoft has released updates for several versions of Microsoft Windows, which fix a vulnerability in the Remote Desktop Service. The vulnerability could allow an unauthenticated remote attacker to execute arbitrary code on the target system if the system exposes the service to the network.</p>
<p>Some Point-of-care products from Siemens Healthineers are affected by this vulnerability. The exploitability of the vulnerability depends on the actual configuration and deployment environment of each product.</p>
<p>Siemens Healthineers recommends contacting Siemens Healthineers service desk.</p>
https://cert-portal.siemens.com/productcert/pdf/ssb-501863.pdfSSB-501863 (Last Update: 2019-05-22): Customer Information on Microsoft Windows RDP Vulnerability for Siemens Healthineers2019-05-22T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssb-501863.pdfSSB-501863 (Last Update: 2019-05-16): Customer Information on Microsoft Windows RDP Vulnerability for Siemens Healthineers2019-05-16T00:00:00+00:00https://cert-portal.siemens.com/productcert/pdf/ssb-068644.pdfSSB-068644 (Last Update: 2018-08-17): General Customer Information for Speculative Side-Channel Vulnerabilities in Microprocessors2018-08-17T00:00:00+00:00<p>Security researchers published information on vulnerabilities known as Spectre, Meltdown, Spectre-NG, Lazy FP State Restore, Spectre V1.1, and L1 Terminal Fault/Foreshadow. These vulnerabilities affect many modern processors from different vendors to a varying degree.</p>
<p>Siemens is analyzing the impact of these vulnerabilities and of the mitigations released on its own products. If Siemens products are found to be affected, additional product-specific update information will be distributed either via the Siemens ProductCERT website or through Siemens’ customer service organizations if applicable.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-755010.pdfSSA-755010 (Last Update: 2018-06-26): Vulnerability in RAPIDLab 1200 and RAPIDPoint 400/500 Blood Gas Analyzers2018-06-26T00:00:00+00:00<p>Siemens Healthineers has become aware of two potential cybersecurity vulnerabilities for the RAPIDLab® 1200 Series and RAPIDPoint® 400/405/500 Blood Gas Analyzers and recommends specific countermeasures to mitigate the risk.</p>
<p>At the time of advisory publication, no public exploitation of this security vulnerability is known.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-966341.pdfSSA-966341 (Last Update: 2018-06-19): SMBv1 Vulnerabilities in Molecular Diagnostics Products from Siemens Healthineers2018-06-19T00:00:00+00:00<p>Select Molecular Diagnostics products from Siemens Healthineers are affected by the Microsoft Windows SMBv1 vulnerabilities. The exploitability of the vulnerabilities depends on the actual configuration and deployment environment of each product.</p>
<p>Siemens Healthineers has developed solutions for all affected products which are available via customer support. Siemens Healthineers also provides specific countermeasures for systems that have not yet been remediated.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-755010.pdfSSA-755010 (Last Update: 2018-06-12): Vulnerability in RAPIDLab 1200 and RAPIDPoint 400/500 Blood Gas Analyzers2018-06-12T00:00:00+00:00<p>Siemens Healthineers has become aware of two potential cybersecurity vulnerabilities for the RAPIDLab® 1200 Series and RAPIDPoint® 400/405/500 Blood Gas Analyzers and recommends specific countermeasures to mitigate the risk.</p>
<p>At the time of advisory publication, no public exploitation of this security vulnerability is known.</p>
https://cert-portal.siemens.com/productcert/pdf/ssa-701903.pdfSSA-701903 (Last Update: 2018-02-22): SMBv1 Vulnerabilities in Ultrasound Products from Siemens Healthineers2018-02-22T00:00:00+00:00<p>Select Ultrasound products from Siemens Healthineers are affected by the Microsoft Windows SMBv1 vulnerabilities. The exploitability of the vulnerabilities depends on the actual configuration and deployment environment of each product.</p>
<p>Siemens Healthineers provides updates for the affected products, and recommends specific countermeasures until patches can be applied.</p>