PRODUCT SECURITY BULLETIN: VxWorks IPNet Vulnerabilities

Publication Date: 09/26/2019
Last Updated: 09/26/2019

Abbott is monitoring developments related to recently published advisory (ICSA-19-211-01) identifying 11 IPNet vulnerabilities in Wind River’s VxWorks and other widely used Real Time Operating Systems (RTOSs). These vulnerabilities were reported by security researchers at Armis and are sometimes referred to as “Urgent/11”. RTOSs are used in a wide variety of products, including printers, routers, medical devices, firewalls, VOIP phones and industrial controllers. The vulnerabilities identified could allow unauthorized attackers to execute code remotely and take control of the system.

Most Abbott products are unaffected by this advisory. For those products that do use impacted firewalls or software, Abbott’s product security and quality teams are evaluating the vulnerabilities for potential impact including further actions and updates that may be required. There are currently no known exploits of Abbott products related to Urgent/11.

Affected Products

Abbott is providing the list below to assist customers in identifying Abbott products potentially impacted by Urgent/11. This list below is subject to change based on additional information related to impacted operating systems, operating system vendor actions and additional impacted products that are identified.

 

Product

Remediation

Third-party SonicWall Firewalls provided with the following Abbott products:

ACCELERATOR APS
ACCELERATOR a3600
ACCELERATOR p540
Alinity h
Alinity ci-series
Alinity s
Alinity m
ARCHITECT
CELL-DYN Ruby
CELL-DYN Sapphire
m2000

Abbott's configuration of SonicWall Firewalls includes disabling remote management access from untrusted internet sources, which mitigates the vulnerabilities per SonicWall security advisory SNWLID-2019-0009 published 19 July 2019.

i-STAT Alinity

Abbott is developing a software update which is expected to be available to customers in November 2019.

Additional Information

Customers interested in additional information regarding patches, procedures or configuration changes on any Abbott products should contact their Abbott assigned account or customer support representative.

Abbott is committed to ensuring the safety and security our products. For more information on Abbott's product cybersecurity program, please go to: https://www.abbott.com/policies/cybersecurity/our-commitment-to-cybersecurity.html

 

  • share_alt text Share
  • print_alt text Print
  • download_alt text Download PDF
true
accessibility

You are about to exit for another Abbott country or region specific website

Please be aware that the website you have requested is intended for the residents of a particular country or region, as noted on that site. As a result, the site may contain information on pharmaceuticals, medical devices and other products or uses of those products that are not approved in other countries or regions.


The website you have requested also may not be optimized for your specific screen size.

Do you wish to continue and exit this website?

accessibility

You are about to exit the Abbott family of websites for a 3rd party website

Links which take you out of Abbott worldwide websites are not under the control of Abbott, and Abbott is not responsible for the contents of any such site or any further links from such site. Abbott is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of the linked site by Abbott.


The website that you have requested also may not be optimized for your screen size.

Do you wish to continue and exit this website?