Germany – Operating System Vulnerabilities in Many Medical Devices, Germany’s BfArM and Device Firms Warn

Germany’s Federal Institute for Drugs and Medical Devices (BfArM) warned Tuesday of critical vulnerabilities in Wind River’s real-time operating system VxWorks, which is used in many medical devices, including MRI machines and patient monitors.

“Medical device manufacturers using this operating system must implement risk mitigation measures based on their updated risk analysis in light of this vulnerability,” BfArM said.

The warning follows Armis Labs' discovery earlier this month of 11 vulnerabilities in VxWorks, six of which are critical. The security firm also noted that the vulnerabilities are serious because attackers could take over devices with no user interaction and even bypass perimeter security.

“These devastating traits make these vulnerabilities ‘wormable,’ meaning they can be used to propagate malware into and within networks,” Armis said.

Medical device companies including GE Healthcare, Philips, Siemens and Dräger have released their own warnings and security advisories, noting which of their systems are vulnerable…