Qualcomm Life Capsule DTS Vulnerability
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk
Summary
Threat details
The Capsule DTS is a medical device gateway used by hospitals to connect bedside medical devices such as monitors and respirators to their wider network infrastructure. It has been found that the DTS's web management interface uses a software component that is vulnerable to CVE-2014-9222, better known as the 'misfortune cookie'.
An attacker can exploit this vulnerability by using a specially crafted cookie to write data to arbitrary memory locations on the DTS. Such an attack could result in the DTS being made unavailable, or configured to spoof/leak communications with connected devices.
Remediation advice
Users and administrators should review the ICS-CERT advisory. Capsule originally released a firmware update in 2009 that addresses this vulnerability on the Single Board version of the DTS only. This update can be obtained from Capsule's customer portal.Remediation steps
CVE Vulnerabilities
Last edited: 17 February 2020 12:53 pm