CVE-2016-9355 in Alaris 8015 Point of Care

Summary

by MITRE

An issue was discovered in Becton, Dickinson and Company (BD) Alaris 8015 Point of Care (PC) unit, Version 9.5 and prior versions, and Version 9.7. An unauthorized user with physical access to an Alaris 8015 PC unit may be able to obtain unencrypted wireless network authentication credentials and other sensitive technical data by disassembling an Alaris 8015 PC unit and accessing the device's flash memory. Older software versions of the Alaris 8015 PC unit, Version 9.5 and prior versions, store wireless network authentication credentials and other sensitive technical data on the affected device's removable flash memory. Being able to remove the flash memory from the affected device reduces the risk of detection, allowing an attacker to extract stored data at the attacker's convenience.

Analysis

by VulDB Data Team • 09/02/2020

The vulnerability identified as CVE-2016-9355 represents a critical security flaw in Becton, Dickinson and Company's Alaris 8015 Point of Care medical device, specifically affecting firmware versions 9.5 and earlier, as well as version 9.7. This weakness stems from inadequate data protection mechanisms within the device's storage architecture, creating a significant attack surface for unauthorized individuals who possess physical access to the equipment. The issue manifests through a fundamental design flaw where sensitive authentication credentials and technical data are stored in plain text format on removable flash memory components, eliminating any form of encryption or access control measures that would normally protect such information.

The technical exploitation of this vulnerability requires an attacker to physically disassemble the Alaris 8015 PC unit and directly access its internal flash memory storage. This approach aligns with attack patterns documented in the MITRE ATT&CK framework under the T1014 - Rootkit and T1059 - Command and Scripting Interpreter tactics, where adversaries gain access to system components to extract sensitive information. The vulnerability specifically maps to CWE-312 - Cleartext Storage of Sensitive Information, which occurs when sensitive data is stored without proper encryption or obfuscation mechanisms. The removable nature of the flash memory component significantly amplifies the risk, as it allows attackers to completely remove the storage medium and analyze it in controlled environments without raising immediate detection alarms.

The operational impact of this vulnerability extends beyond simple credential theft, as it compromises the entire security posture of healthcare facilities utilizing these devices. When unauthorized users can extract wireless network credentials, they gain the ability to establish unauthorized connections to hospital networks, potentially creating backdoors for further attacks or enabling lateral movement within the healthcare infrastructure. The vulnerability affects critical medical equipment used in point-of-care settings where patient safety and data confidentiality are paramount, making this exposure particularly dangerous in healthcare environments governed by regulations such as HIPAA. The risk is compounded by the fact that these devices often operate in clinical settings where physical security controls may be less stringent than in traditional IT environments, providing attackers with multiple opportunities for physical access.

Organizations should implement immediate mitigations including physical security measures such as securing device access points, implementing tamper-evident seals, and restricting unauthorized physical access to medical devices. The recommended approach involves upgrading to firmware versions that address this vulnerability through proper encryption of stored credentials, implementing secure boot mechanisms, and establishing device integrity monitoring protocols. Security professionals should also consider network segmentation strategies to limit the potential impact of credential compromise, while maintaining proper audit logging and monitoring for unauthorized physical access attempts. This vulnerability underscores the importance of supply chain security and the need for manufacturers to implement robust security-by-design principles in medical devices, particularly those handling sensitive patient information and network credentials.

Reservation: 11/16/2016
Disclosure: 02/13/2017
Moderation: accepted
Entry: VDB-96910
CPE: ready
EPSS: 0.00182
KEV: no
Activities: very low
