
Critical Vulnerability in Medtronic Paceart Optima System

The Critical vulnerability could allow an unauthenticated user to perform remote code execution or create a DoS condition



Affected platforms

The following platforms are known to be affected:

Threat details

Introduction

Medtronic has released a security advisory addressing a Critical vulnerability in the Medtronic Paceart Optima System. The vulnerability is tracked as CVE-2023-31222 and has a CVSSv3 score of 9.8.

This vulnerability concerns deserialisation of untrusted data, which could allow an unauthenticated attacker to perform remote code execution, create a denial-of-service (DoS) condition, or execute commands via specially crafted requests. A successful DoS attack could cause the Paceart Optima system to slow down or become unresponsive.


Remediation advice

Affected organisations are encouraged to review Medtronic's Paceart Optima System Application Security Update and apply any relevant updates.

The US Cybersecurity and Infrastructure Security Agency (CISA) has also released a medical advisory, ICSMA-23-180-01, covering this vulnerability.

Medtronic has advised organisations with a combined Application and Integration Server to contact Medtronic Paceart Optima System technical support for immediate mitigation actions.

For all other configurations, Medtronic recommends the following steps:

Manually disable the Paceart Messaging Service on the Application Server.

  1. Open the “Windows Services” application.
  2. Find the “Paceart Messaging Service”.
  3. Right-click the “Paceart Messaging Service” and select “Properties”.
  4. Select “Stop” to stop the running service and change the startup type to “Disabled”.
  5. Select “Apply”.

Manually disable message queuing on the Application Server.

  1. Open Server Manager.
  2. Select “Add roles and features”.
  3. Select “Start the Remove Roles and Features Wizard”.
  4. On the “Before you begin” page, select “Next”.
  5. On the “Server selection” page, select “Next”.
  6. On the “Server roles” page, select “Next”.
  7. On the “Features” page, take action: select the black box next to “Message Queuing”.
  8. When the window pops up, select the “Remove Features” button.
  9. Select “Next”.
  10. On the “Confirmation” page, select “Remove”.

As long as the Paceart Messaging Service remains disabled, the vulnerability remains mitigated. This is an interim measure and does not replace applying Medtronic's security update.
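The two manual procedures above, scripted in PowerShell with a verification step at the end, as an added example that is not part of the NHS or Medtronic advisory. It assumes the service's display name is exactly “Paceart Messaging Service” (the advisory does not give its internal service name) and that Message Queuing is installed as the Windows Server feature named `MSMQ`; run it in an elevated session on the Application Server only, since combined Application/Integration Servers are directed to Medtronic support instead.

```powershell
#Requires -RunAsAdministrator
# Added example: interim mitigation for CVE-2023-31222 on a stand-alone
# Paceart Optima Application Server (not Medtronic's own tooling).
$displayName = 'Paceart Messaging Service'   # assumed display name
$featureName = 'MSMQ'                        # assumed Windows feature name for Message Queuing

# Step 1: stop the Paceart Messaging Service and set its startup type to Disabled
$svc = Get-Service -DisplayName $displayName -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Warning "No service with display name '$displayName' found on this host."
} else {
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $svc.Name -Force }
    Set-Service -Name $svc.Name -StartupType Disabled
}

# Step 2: remove the Message Queuing feature (ServerManager module, Windows Server)
Import-Module ServerManager
$msmq = Get-WindowsFeature -Name $featureName -ErrorAction SilentlyContinue
if ($msmq -and $msmq.Installed) {
    Uninstall-WindowsFeature -Name $featureName -Restart:$false | Out-Null
}

# Verification: the mitigation only holds while the service stays disabled,
# so this check is worth re-running (for example from a scheduled task) until patched.
$state = Get-CimInstance Win32_Service -Filter "DisplayName='$displayName'"
[pscustomobject]@{
    Service     = $displayName
    State       = if ($state) { $state.State } else { 'NotFound' }      # expect 'Stopped'
    StartMode   = if ($state) { $state.StartMode } else { 'NotFound' }  # expect 'Disabled'
    MsmqPresent = [bool]((Get-WindowsFeature -Name $featureName -ErrorAction SilentlyContinue).Installed)  # expect False
}
```

A result showing State `Stopped`, StartMode `Disabled` and MsmqPresent `False` matches the end state the manual steps aim for; anything else means the mitigation is not in place on that server.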



Last edited: 30 June 2023 2:15 pm