CISA issues advisory about Siemens software vulnerabilities

Kat Jercich, November 16, 2021

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on critical vulnerabilities in Siemens’ Nucleus TCP/IP stack that affect medical devices. The flaws could lead to remote code execution, denial of service, and information leaks. Forescout Research Labs found 2,233 vulnerable devices in the healthcare industry. Siemens has released patches for the vulnerabilities, and major device manufacturers such as Cisco, GE Healthcare, and Philips have responded to the report. Medical device security has become more important during the pandemic. CISA recommends defensive measures and urges organizations to perform risk assessments.