ICSMA-18-165-01 · Published 2018-06-14 · View on CISA ICS-CERT ↗

Natus Xltek NeuroWorks

CVSS 10.0 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities require access to the Natus customer network, and could crash the device being accessed; a buffer overflow condition may allow remote code execution.

CVEs (8)

CVE-2017-2852 CVE-2017-2853 CVE-2017-2858 CVE-2017-2860 CVE-2017-2861 CVE-2017-2867 CVE-2017-2868 CVE-2017-2869

Remediations

Natus has released NeuroWorks/SleepWorks 8.5 GMA 3, a software update with security enhancements to address the vulnerabilities identified in NeuroWorks/SleepWorks 8.
A free software update to NeuroWorks/SleepWorks 8.5 GMA 3 is available to users using NeuroWorks/SleepWorks Version 8.0, 8.1, 8.4, or 8.5. Contact the Natus Neuro Technical support department at 1-800 387-7516 or email [email protected] for more details.
Natus recommends installing this update as quickly as possible on affected systems.

Affected Vendors

Natus Medical, Inc. (Natus)

Affected Products (1)

Natus Medical, Inc. (Natus) · Natus Xltek NeuroWorks 8

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more