MY BRAND BOOK ATMs, Medical and IoT Devices get affected by Supply Chain vulnerabilities

ATMs, Medical and IoT Devices get affected by Supply Chain vulnerabilities

By MYBRANDBOOK

Seven security vulnerabilities have been disclosed in PTC's Axeda software that could be weaponized to gain unauthorized access to medical and IoT devices.

Collectively called "Access:7," the weaknesses – three of which are rated Critical in severity – potentially affect more than 150 device models spanning over 100 different manufacturers, posing a significant supply chain risk.

Besides medical imaging and laboratory machines, vulnerable devices include everything from ATMs, vending machines, cash management systems, and label printers to barcode scanning systems, SCADA systems, asset monitoring and tracking solutions, IoT gateways, and industrial cutters.

Of the 100 impacted device vendors, 55% belong to the healthcare sector, followed by IoT (24%), IT (8%), financial services (5%), and manufacturing (4%) industries. No less than 54% of the customers with devices running Axeda have been identified in the healthcare sector.

The flaws, which affect all versions of the Axeda Agent prior to 6.9.3, were reported as part of a coordinated disclosure process that involved the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Health Information Sharing and Analysis Center (H-ISAC), and the Food and Drug Administration (FDA).

Listed below are the seven flaws discovered:

· CVE-2022-25246 – The use of hard-coded credentials in the AxedaDesktopServer.exe service that could enable remote takeover of a device

· CVE-2022-25247 – A flaw in ERemoteServer.exe that could be leveraged to send specially crafted commands to obtain Remote code execution (RCE) and full file system access

· CVE-2022-25251 – Missing authentication in the Axeda xGate.exe agent that could be used to modify the agent's configuration

· CVE-2022-25249 – A directory traversal flaw in the Axeda xGate.exe agent which could allow a remote unauthenticated attacker to obtain file system read access on the web server

· CVE-2022-25250 – A denial-of-service (DoS) flaw in the Axeda xGate.exe agent by injecting an undocumented command

· CVE-2022-25252 – A buffer overflow vulnerability in the Axeda xBase39.dll component that could result in a DoS

· CVE-2022-25248 – An information disclosure flaw in the ERemoteServer.exe service that exposes the live event text log to unauthenticated parties

BREAKING NEWS

Cisco announces AI-native secure Wi-Fi 7 for future-ready employe...

Announcing a major leap in wireless technology, Cisco has launched its Wi...

The BSE benchmark Sensex tumbled over 800 points, leaving investo...

The BSE benchmark Sensex recently experienced a significant drop, tumblin...

North Korean GPS Interference Disrupts Air Traffic...

South Korea's military has publicly accused North Korea of disrupting GP...

US ordered TSMC to halt chip shipments to China...

TSMC has had regular discussions with the government on export control issu...

TECHNO TRENDS

Nazara and ONDC set to transform in-game monetization with ‘

Nazara Technologies has teamed up with the Open Network for Digital Comme...

Jio Platforms and NICSI to offer cloud services to government

In a collaborative initiative, the National Informatics Centre Services In...

BSNL awards ₹5,000 Cr Project to RVNL-Led Consortium

A syndicate led by Rail Vikas Nigam Limited (abbreviated as RVNL), along wi...

Pinterest tracks users without consent, alleges complaint

A recent complaint alleges that Pinterest, the popular image-sharing platf...

E-Magazine

TECHNOTAINMENT

Eloelo teams up with Elvish Yadav for India's biggest digital

Netflix adds 'Moments' feature for saving, sharing scenes from

Netflix has introduced a new “Moments” feature on its mobile app, whic

Jacqueline Fernandez come together with YouTuber Mr. Beast for

Jacqueline Fernandez has partnered with American YouTuber Mr. Beast to b

MOVERS & SHAKERS

Kamal Nath quits SIFY Technologies

Visa elevates Rishi Chhabra as new Country Manager for India

Rishi holds a Master’s in Industrial Engineering from The Ohio State Univ

Genesys welcomes Albert Nel as Senior VP and Regional Sales Le

Genesys continues to deepen its investment in the APAC region. Earlier this

OPEN YOUR EYES

India Celebrates MSME Day, Focusing Business Continuity During COVID-19 Outbreak

How Technology companies are bringing innovative solutions during COVID-19

Newer Technology Solutions To Ensure Business Continuity During COVID-19

The dangers of phishing are becoming Top Concern for the CEOs

The Security Threat is looming the BFSI Segments

INTERVIEWS

Cisco building a trusted and resilient future for the nation

Bolstering its commitment to help build a truly self-reliant B

CP PLUS is dedicated to spreading a sense of security to every corner of In

Delivering Critical Business Communication Solutions to Enterp

Arya Omnitalk and Syntel’s comprehensive suite of solutions and more than

HOT PICK

BOULT unveils AmpVault V10 & V20 powerbanks: Fast charging, sa

SonicWall Launches TZ80: A Powerful Solution for Remote Office

SonicWall announced today the launch of the TZ80, a groundbreaking securit

Gigabyte X3D Turbo: A Gaming Revolution

GIGABYTE X3D Turbo Mode is a cutting-edge feature that unifies cores distr

MAKE IN INDIA BRANDS

MICROTEK INTERNATIONAL PVT. LTD.

CENTRE FOR DEVELOPMENT OF TELEMATICS (C-DOT)

SAMRIDDHI AUTOMATIONS PVT. LTD.

ALPHAMAX TECHNOLOGIES PVT. LTD.

EMINENT CIO'S OF INDIA

STRATEGIC FRAMEWORK FOR SUSTAINABLE BUSINESS EXPANSION IS PATHWAY TO PROSPERITY

Accelerate the adoption of AI and machine learning...

AGILE TECHNIQUE ENCOURAGES TEAMWORK, ADAPTABILITY, AND CONTINUOUS ITERATION

Several emerging technology trends are significant...

HARNESSING THE POWER OF BIG DATA TO GAIN VALUABLE INSIGHTS

A Technology certainly drives innovation and busin...

ICONS OF INDIA

Icons Of India : Dr. Arvind Gupta

Arvind Gupta is the Head and Co-Founder of the Digital India Foundatio...

ICONS OF INDIA : S KRISHNAN

S Krishnan as the secretary for the electronics and information techno...

Icons Of India : Debjani Ghosh

Debjani Ghosh is the President of the National Association of Software...

PARTNER SPEAKERS

"We will either find a way or make one"

A provider of high-quality IT products and services, Bluecom Infotech caters t...

Regaining its Technical Aura By Resonating Consistency & Reliability

Brand awareness metrics and KPIs help TDM Networks to monitor and analyze the ...

A "Make in India" brand dedicated to offer high quality communication products

For any brand to be successful, it is crucial that it understands the market d...

PSU

DRDO - Defence Research and Development Organisation

DRDO responsible for the development of technology for use by the mili...

IREDA - Indian Renewable Energy Development Agency Limited

IREDA is a specialized financial institution in India that facilitates...

STPI - Software Technology Parks of India

STPI promotes and facilitates the growth of the IT and ITES industry i...

VIDEOS

Top 25 Brands

Most Trusted Brands 2024 : TECH MAHINDRA

Tech Mahindra positions itself as a company that goes beyond just technology, ...

Most Trusted Brands 2024 : AMD

Advanced Micro Devices (AMD) has been a key player in the semiconductor indust...

Most Trusted Brands 2024 : Intel Corporation

Intel Corporation continually pushes the boundaries of processor performance, ...

Global Indian industry

Indian Tech Talent Excelling The Tech World - Shantanu Narayen, CEO- Adobe Systems Incorporated

Shantanu Narayen, CEO of Adobe Systems Incorporated, is renowned for h...

Indian Tech Talent Excelling The Tech World - JAY CHAUDHRY, CEO – Zscaler

Jay Chaudhry, an Indian-American technology entrepreneur, is the CEO a...

Indian Tech Talent Excelling The Tech World - NIKESH ARORA, Chairman CEO - Palo Alto Networks

Nikesh Arora, the Chairman and CEO of Palo Alto Networks, is steering ...

STARNITE AWARDS 2024

ITFORUM 2024

CMO of the Year

WOMEN LEADERSHIP

IMAGE GALLERY

TRENDS IN TECHNOLOGY