Abbott received a security vulnerability notification from ptc, the supplier who provides the software used in abbottlink, which resides on a customer-owned server.Within the overall software, the axeda desktop server is used to enable remote screen sharing through an abbottlink connection.The identified vulnerability could allow control of the operating system of the server where the software is installed.This vulnerability only impacts customer sites where both aliniq ams and the abbottlink axeda desktop server are installed when: the attacker has credentialled access to the customer network.The attacker knows the abbott-controlled axeda desktop server password; the attacker can connect to a specific port on the axeda desktop server.If the axeda vulnerability is exploited, the attacker could gain access through the axeda desktop server to aliniq ams services which has the potential for a delay in patient results, incorrect results, and/or data privacy issues.There have been no known exploits of this vulnerability on the aliniq ams.
|