ICSMA-21-273-01 · Published 2021-09-30 · View on CISA ICS-CERT ↗

Boston Scientific Zoom Latitude

CVSS 6.9 MEDIUM

Risk Summary

Successful exploitation of these vulnerabilities may allow an attacker with physical access to the affected device to obtain patient protected health information (PHI), and/or compromise the integrity of the device. The affected device is not network connected and does not contain hardware to be network connected.

CVEs (5)

CVE-2021-38400 CVE-2021-38394 CVE-2021-38392 CVE-2021-38396 CVE-2021-38398

Remediations

Boston Scientific is in the process of transitioning all users to a replacement programmer with enhanced security, the LATITUDE Programming System, Model 3300. Boston Scientific will not issue a product update to address the identified vulnerabilities in the ZOOM LATITUDE Programming System, Model 3120.
To reduce the risk of exploitation, Boston Scientific recommends those still utilizing the ZOOM LATITUDE PRM Model 3120 implement the following measures:

Affected Vendors

Boston Scientific

Affected Products (1)

Boston Scientific · ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more