Publication Date: 09/26/2019
Last Updated: 12/01/2019
Abbott is monitoring developments related to recently published advisory (ICSA-19-211-01) identifying 11 IPNet vulnerabilities in Wind River’s VxWorks and other widely used Real Time Operating Systems (RTOSs). These vulnerabilities were reported by security researchers at Armis and are sometimes referred to as “Urgent/11”. RTOSs are used in a wide variety of products, including printers, routers, medical devices, firewalls, VOIP phones and industrial controllers. The vulnerabilities identified could allow unauthorized attackers to execute code remotely and take control of the system.
Most Abbott products are unaffected by this advisory. For those products that do use impacted firewalls or software, Abbott’s product security and quality teams are evaluating the vulnerabilities for potential impact including further actions and updates that may be required. There are currently no known exploits of Abbott products related to Urgent/11.
Abbott is providing the list below to assist customers in identifying Abbott products potentially impacted by Urgent/11. This list below is subject to change based on additional information related to impacted operating systems, operating system vendor actions and additional impacted products that are identified.
Third-party SonicWall Firewalls provided with the following Abbott products:
Abbott's configuration of SonicWall Firewalls includes disabling remote management access from untrusted internet sources, which mitigates the vulnerabilities per SonicWall security advisory SNWLID-2019-0009 published 19 July 2019.
Software update is available to Abbott customers.
CELL-DYN Emerald 22 AL
Devices connected to a Lab Information System via a serial connection are not impacted.
Devices connected to a Lab Information System via ethernet should be on an isolated network to mitigate the vulnerability (i.e. configure network firewall with remote management access disabled from untrusted internet sources).
The developer is preparing a software update which is expected to be available to Abbott customers in the next software release.
Customers interested in additional information regarding patches, procedures or configuration changes on any Abbott products should contact their Abbott assigned account or customer support representative.
Abbott is committed to ensuring the safety and security our products. For more information on Abbott's product cybersecurity program, please go to: https://www.abbott.com/policies/cybersecurity/our-commitment-to-cybersecurity.html
Please be aware that the website you have requested is intended for the residents of a particular country or region, as noted on that site. As a result, the site may contain information on pharmaceuticals, medical devices and other products or uses of those products that are not approved in other countries or regions.
The website you have requested also may not be optimized for your specific screen size.
Links which take you out of Abbott worldwide websites are not under the control of Abbott, and Abbott is not responsible for the contents of any such site or any further links from such site. Abbott is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of the linked site by Abbott.
The website that you have requested also may not be optimized for your screen size.