ICSMA-18-037-01  ·  Published 2018-02-06

Vyaire Medical CareFusion Upgrade Utility Vulnerability

CVSS 6.7 MEDIUM

Risk Summary

Independent researcher Mark Cross (@xerubus) has identified an uncontrolled search path element vulnerability in Vyaire Medical's CareFusion Upgrade Utility application. Vyaire Medical has produced an update that mitigates this vulnerability.

CVEs (1)

Remediations

  • Vyaire Medical is no longer supporting the CareFusion Upgrade Utility v2.0.2.2 and recommends that users upgrade to the newer Vyaire Upgrade Utility v2.0.3.0. This updated Upgrade Utility will not install on Windows XP and will require updating the underlying system to Windows 7 or later.
  • Vyaire Medical has released a Product Security Bulletin, available at the following URL: https://www.vyaire.com/productsecurity
  • The Vyaire Upgrade Utility v2.0.3.0 update is available at the following URL: https://www.vyaire.com/us/our-products/respiratory-care/pulmonary-function-testing/spirometers/spirometry-software-and-firmware-downloads

Affected Vendors

Vyaire Medical

Affected Products (1)

Vyaire Medical · CareFusion Upgrade Utility used with Windows XP systems <= 2.0.2.2
