ICSMA-19-113-01 · Published 2019-04-23
Fujifilm FCR Capsula X/Carbon X
CVSS 9.8 (CRITICAL)
Risk Summary
Successful exploitation of these vulnerabilities could result in a denial-of-service condition in affected cassette reader units, causing potential image loss or device unavailability. Attackers could gain unauthorized access to the underlying operating system, allowing arbitrary code execution.
CVEs (2)
Remediations
- Fujifilm has stated the CR-IR 357 system can be configured with what they call Secure Host functionality. This configuration of the software instructs CR-IR 357 to ignore all network traffic other than from the IP address of the Fujifilm image acquisition console. However, this configuration prevents more than one image acquisition console from sharing the CR-IR 357 Reader Unit. If the user has not implemented Reader Unit sharing, they may contact Fujifilm to request Secure Host functionality be enabled. If the user has implemented Reader Unit sharing, they should contact Fujifilm to discuss available options. Fujifilm can be contacted at 888-FUJI-MED (888-385-4633). Users outside the United States should contact their Fujifilm contact.
- Fujifilm recommends that the first line of defense should be a compensating control of securing the user's network. Measures should be taken to ensure only authorized devices and personnel have access to the network. Public or guest networks should be segmented, or users should use a VLAN to segregate public traffic from the private network. Administrative and technical controls should also be implemented.
- https://www.fda.gov/MedicalDevices/DigitalHealth/ucm373213.htm
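
The following is an added example, not part of the advisory or of Fujifilm's software. It reads a flow summary and reports, for each reader unit, which acquisition consoles contacted it and which other hosts did, so a site can tell whether a unit is a candidate for Secure Host or is shared between consoles. The IP addresses, the `src,dst` CSV layout, and the `READERS` and `CONSOLES` inventories are assumptions constructed for illustration.

```python
# Added example: classify observed traffic to CR-IR 357 reader units.
# All addresses and flow records below are constructed for illustration.
import csv
import io
from collections import defaultdict
from ipaddress import ip_address

# Hypothetical inventory: reader unit IPs and known acquisition consoles.
READERS = {"10.20.0.50", "10.20.0.51"}
CONSOLES = {"10.20.0.10", "10.20.0.11"}

# Constructed flow export (src,dst), e.g. a firewall or NetFlow summary.
SAMPLE_FLOWS = """src,dst
10.20.0.10,10.20.0.50
10.20.0.10,10.20.0.50
10.20.0.10,10.20.0.51
10.20.0.11,10.20.0.51
192.168.77.23,10.20.0.51
10.20.0.10,10.20.0.99
"""

def sources_per_reader(flow_csv):
    """Map each reader unit to the set of source IPs that contacted it."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        # ip_address() rejects malformed values instead of passing them on.
        src = str(ip_address(row["src"].strip()))
        dst = str(ip_address(row["dst"].strip()))
        if dst in READERS:
            seen[dst].add(src)
    return seen

def assess(flow_csv):
    """Per reader: console peers, unexpected peers, and the next step."""
    seen = sources_per_reader(flow_csv)
    report = {}
    for reader in sorted(READERS):
        peers = seen.get(reader, set())
        consoles = sorted(peers & CONSOLES)
        if len(consoles) > 1:
            action = "reader unit sharing in use: discuss options with Fujifilm"
        elif len(consoles) == 1:
            action = "single console: candidate for Secure Host"
        else:
            action = "no console traffic observed: verify inventory"
        report[reader] = {"consoles": consoles,
                          "unexpected": sorted(peers - CONSOLES),
                          "action": action}
    return report
```

Any address listed under `unexpected` is traffic that the network segmentation described above should already be blocking.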
Affected Vendors
Fujifilm
Affected Products (3)
- Fujifilm · FCR XC-2 · CR-IR 357
- Fujifilm · FCR Capsula X · CR-IR 357
- Fujifilm · FCR Carbon X · CR-IR 357
Affected Sectors
Healthcare and Public Health