ICSMA-18-144-01 · Published 2018-05-24 · View on CISA ICS-CERT ↗

BeaconMedaes TotalAlert Scroll Medical Air Systems

CVSS 7.5 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to view and potentially modify some device information and web application setup information, which does not include access to patient health information. Additionally, BeaconMedaes has stated that a successful attacker would not be able to affect the ability of the device to operate as designed for the purpose of delivering medical air in compliance with the NFPA 99 standard for healthcare facilities.

CVEs (2)

CVE-2018-7518 CVE-2018-7510

Remediations

BeaconMedaes has stated that the vulnerabilities do not compromise either patient health information or compliance with the NFPA 99 standard for healthcare facilities. To address these vulnerabilities, BeaconMedaes has created update 4107600010.24 and recommends that users of the TotalAlert Scroll Medical Air Systems update to this version or the latest release. BeaconMedaes recommends that affected users reach out to BeaconMedaes directly at 1-888-4MEDGAS (463-3427) to obtain this update.

Affected Vendors

BeaconMedaes

Affected Products (1)

BeaconMedaes · TotalAlert Scroll Medical Air Systems <= 4107600010.23

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more