ICSMA-21-215-01 · Published 2021-08-03 · View on CISA ICS-CERT ↗

Swisslog Healthcare Translogic PTS

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to gain control of the device, escalate privileges, or execute arbitrary code.

CVEs (8)

CVE-2021-37163 CVE-2021-37167 CVE-2021-37161 CVE-2021-37162 CVE-2021-37165 CVE-2021-37164 CVE-2021-37166 CVE-2021-37160

Remediations

Swisslog Healthcare recommends upgrading to the latest software version as soon as it becomes available. Version 7.2.5.7 is reported to fix all vulnerabilities above except CVE-2021-37160. Use the latest version together with mitigation methods below to protect against exploitation of all the listed vulnerabilities. Swisslog also recommends the following mitigation methods until updated software is deployed:
Armis recommends the following practices to identify and block attempts to exploit these issues.

Affected Vendors

Swisslog Healthcare

Affected Products (1)

Swisslog Healthcare · Nexus Control Panel < 7.2.5.7

Affected Sectors

Healthcare

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more