The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said it is aware of vulnerabilities affecting Treck IP stack implications for embedded systems.
Known as Ripple20, the vulnerabilities allow a remote attacker to exploit and take control of an affected system, according to the CISA statement.
Among the affected companies were B. Braun, Baxter (NYSE:BAX), Green Hills Software and CareStream. CISA encouraged affected users and administrators to review the affected products for additional information and mitigations, as well as to update to the latest stable version of the Treck IP stack software.
B. Braun issued a statement saying that it is aware of the notification from CISA, sharing that the vulnerabilities exist in the third-party software used for network communication in its Outlook 400ES safety infusion pump system.
The company said it received 24 patches from Treck to resolve vulnerabilities, determining that 20 patche…