The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability that could result in remote code execution or a denial-of-service (DoS) condition impacting a healthcare delivery organization’s Paceart Optima system.
Paceart Optima is a software application that runs on a healthcare delivery organization’s Windows server. The application collects, stores, and can be used to retrieve cardiac device data from programs and remote monitoring systems from all major cardiac devices. The Paceart Optima product consists of multiple components that work together to deliver product functionality. This vulnerability impacts the Application Server component.
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The vulnerability at hand is listed as:
CVE-2023-31222 (CVSS score 9.8 out of 10): Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.
Deserialization is the process of extracting data from files, networks or streams and rebuilding it as objects—as opposed to serialization which involves converting objects to a storable format.
The affected versions are Paceart Optima application versions 1.11 and earlier. If a healthcare delivery organization has enabled the optional Paceart Messaging Service in the Paceart Optima system, an unauthorized user could exploit this vulnerability to perform remote code execution and/or denial-of-service (DoS) attacks by sending specially crafted messages to the Paceart Optima system. Remote code execution could result in the deletion, theft, or modification of Paceart Optima system’s cardiac device data, or use of the Paceart Optima system for further network penetration.
Medtronic states it has not observed any cyberattacks, unauthorized access to, or loss of patient data, or harm to patients related to this issue.
Information about mitigation can be found in the Recommended actions section of the Medtronic security bulletin about this vulnerability.
In essence, the security bulletin says to contact Medtronic to schedule an update and disable the messaging service and message queuing until the update has been completed.
With the additional attention of ransomware operators towards healthcare providers we would like to urge users of the affected Medtronic Paceart Optima device to follow those mitigation instructions.
We don’t just report on vulnerabilities—we identify them, and prioritize action.
Cybersecurity risks should never spread beyond a headline. Keep vulnerabilities in tow by using Malwarebytes Vulnerability and Patch Management.