CISA’s advisory concerns the BD BodyGuard infusion pumps. They may contain a vulnerability in the form of a missing protection mechanism for an alternate hardware interface.
No known public exploits specifically target this vulnerability, CISA said. Attackers may not exploit the vulnerability remotely. It also has a high attack complexity. BD reported this vulnerability to CISA.
Successful exploitation of the vulnerability could allow a hacker to change configuration settings. It could also allow them to disable the pump. CISA said these BodyGuard pumps may contain the vulnerability:
- BD BodyGuard
- CME BodyGuard 323 (2nd Edition)
- CME BodyGuard 323 Color Vision (2nd Edition)
- CME BodyGuard 323 Color Vision (3rd Edition)
- CME BodyGuard Twins (2nd Edition)
CISA noted that affected pumps are deployed outside the U.S.
Affected pumps allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge could configure or disable the pump. The pump stores no electronic or non-electronic protected health information or personally identifiable information.
Mitigations suggested by BD and CISA
BD suggests that, to reduce risk, users ensure physical access controls remain in place. These ensure that only authorized users can access the affected product. Users should also ensure that they connect only BD-approved equipment to the RS-232 interface.
Additionally, users ought to ensure they don’t connect equipment to the RS-232 interface when affected pumps deliver infusions. BD said they should also protect connected computer systems with BodyComm software with standard security measures.
CISA added that users should minimize network exposure and ensure systems can’t be accessed from the Internet. They should also locate control system networks and remote devices behind firewalls and isolate them from business networks. Finally, when they require remote access, they should use secure methods, such as virtual private networks (VPNs).
