The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on the Medtronic (NYSE: MDT) + cardiac device data workflow system.
This vulnerability affects Paceart Optima systems, versions 1.11 and prior.
CISA lists the vulnerability as the deserialization of untrusted data, “exploitable remotely” with “low attack complexity.” The agency says successful exploitation could result in a remote code execution or a denial-of-service condition. This could impact a healthcare delivery organization’s Paceart Optima system.
If a healthcare delivery organization enabled the optional Paceart Messaging Service in the system, an unauthorized user could exploit the vulnerability. The unauthorized user may perform remote code execution and/or denial-of-service attacks, the CISA notice said. They could send specifically crafted messages to the system.
Remote code executi…