Boston Scientific ZOOM LATITUDE Programming System Vulnerability
Summary
Five vulnerabilities have been found in the Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120, a portable cardiac rhythm management programming system.
Affected platforms
The following platforms are known to be affected:
Boston Scientific ZOOM LATITUDE Programmer/Recorder/Monitor (PRM) Model 3120
Threat details
Introduction
Boston Scientific and academic researchers have disclosed 5 vulnerabilities within the ZOOM LATITUDE Programming System. The device was designed to help interrogate, monitor, and program Boston Scientific implantable pulse generators and is often used in making decisions about patient care during implant procedures and follow-up device checks.
The vulnerabilities have CVSS scores between 6.2 and 6.9. The device itself is not network connected and does not contain hardware to be network connected. These vulnerabilities could allow an attacker with physical access to the affected device to obtain protected health information and/or compromise the integrity of the device.
Vulnerability Details
CVE-2021-38392 (CVSS v3 base score of 6.5) - IMPROPER ACCESS CONTROL
A skilled attacker with physical access to the affected device can gain access to the hard disk drive of the device to change the telemetry region and could use this setting to interrogate or program an implantable device in any region in the world.
CVE-2021-38394 (CVSS v3 base score of 6.2) - MISSING PROTECTION AGAINST HARDWARE REVERSE ENGINEERING USING INTEGRATED CIRCUIT (IC) IMAGING TECHNIQUES
An attacker with physical access to the device can extract the binary that checks for the hardware key and reverse engineer it, which could be used to create a physical duplicate of a valid hardware key. The hardware key allows access to special settings when inserted.
CVE-2021-38396 (CVSS v3 base score of 6.5) - MISSING SUPPORT FOR INTEGRITY CHECK
The programmer installation utility does not perform cryptographic authenticity or integrity checks of the software on the flash drive. An attacker could leverage this weakness to install unauthorised software using a specially crafted USB.
CVE-2021-38398 (CVSS v3 base score of 6.5) - RELIANCE ON COMPONENT THAT IS NOT UPDATEABLE
The affected device uses off-the-shelf software components that contain unpatched vulnerabilities. A malicious attacker with physical access to the affected device could exploit these vulnerabilities.
CVE-2021-38400 (CVSS v3 base score of 6.9) - USE OF PASSWORD HASH WITH INSUFFICIENT COMPUTATIONAL EFFORT
An attacker with physical access to the affected device can remove the hard disk drive or create a specially crafted USB to extract the password hash for brute force reverse engineering of the system password.
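For engineers reviewing their own systems for the weakness class behind CVE-2021-38400, the following added example (not Boston Scientific code and not part of the original advisory) stores passwords with a salted, memory-hard KDF and upgrades a weak legacy record at the next successful login. The record formats, the scrypt parameters and the unsalted SHA-1 legacy scheme are assumptions made for illustration; the advisory does not say which hash the device uses.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters (illustrative, not taken from the advisory):
# N=2**14 with r=8 needs about 16 MiB of memory for every single guess.
N, R, P, DKLEN = 2**14, 8, 1, 32


def hash_password(password):
    """Return a self-describing record: scrypt$N$r$p$salt_hex$hash_hex."""
    salt = os.urandom(16)  # unique per record, so equal passwords differ
    dk = hashlib.scrypt(password.encode(), salt=salt, n=N, r=R, p=P, dklen=DKLEN)
    return f"scrypt${N}${R}${P}${salt.hex()}${dk.hex()}"


def verify_password(password, record):
    """Return (matches, needs_rehash) for a stored record."""
    scheme, _, rest = record.partition("$")
    if scheme == "sha1":  # constructed legacy format: one unsalted fast hash
        candidate = hashlib.sha1(password.encode()).hexdigest()
        return hmac.compare_digest(candidate.encode(), rest.encode()), True
    if scheme != "scrypt":
        return False, False  # unknown scheme: reject instead of guessing
    try:
        n, r, p, salt_hex, hash_hex = rest.split("$")
        n, r, p = int(n), int(r), int(p)
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
        dk = hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p,
                            dklen=len(expected))
    except (ValueError, TypeError, OverflowError):
        return False, False  # malformed, truncated or out-of-range record
    # Constant-time compare; flag records stored with other cost parameters.
    return hmac.compare_digest(dk, expected), (n, r, p) != (N, R, P)


def login(password, store, user):
    """Verify, and upgrade a weak record the moment the password is known."""
    ok, stale = verify_password(password, store.get(user, ""))
    if ok and stale:
        store[user] = hash_password(password)
    return ok
```

Because the cost parameters travel with each record, they can be raised later without invalidating existing passwords.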
Remediation advice
Boston Scientific does not plan to issue a product update to address these vulnerabilities in ZOOM LATITUDE Programming System, Model 3120.
To reduce the risk of exploitation, Boston Scientific recommends those still utilising the ZOOM LATITUDE PRM Model 3120 implement the following measures:
- Control access to the device and ensure all access is properly inventoried.
- Maintain the device in a secure or locked location when not in use.
- Remove patient protected health information (PHI) prior to retiring or removing the device from the facility. Instructions for removing PHI are outlined in the operator’s manual.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 7 October 2021 9:29 am