Siemens became aware of a microsoft service 2003 ((b)(4)) vulnerability affecting remote desktop services on which the lantis oncology information system runs.This issue was reported internally at siemens.The precondition for this vulnerability to be misused is activated remote desktops services with open port 3389.Even though remote desktop services including the required port were not reported to be activated in the associated service instructions, siemens cannot exclude that systems in the field may be vulnerable.To present, no exploits have been reported from the field and siemens is not aware of any lantis security incidents due to this vulnerability.The described vulnerability is related to the operating system microsoft server 2003 and not to the lantis application.In a worst case scenario, this vulnerability could be exploited to infect the lantis system which could result to patient mistreatment (dose to wrong location).A partial loss of patient data could also occur (i.E.An offset [position correction] is lost).If this issue is not discovered it may result in an incorrect patient position for the following fractions, leading to a larger dose to a critical organ than expected and severe bodily injury.The reported event occurred in (b)(6).
|