CISA Warns of Critical Vulnerabilities in Healthcare and Manufacturing ICS Products

The US Cybersecurity and Infrastructure Security Agency (CISA) issued a warning this week regarding two new vulnerabilities in industrial control systems (ICS) used in healthcare and critical manufacturing sectors. The vulnerabilities, affecting Baxter’s Connex Health Portal and Mitsubishi Electric’s MELSEC line of programmable controllers, could potentially attract cybercriminals looking to exploit these weaknesses.

CISA highlighted two vulnerabilities in Baxter’s Connex Health Portal, including a severe SQL injection flaw that could allow attackers to access, modify, and delete sensitive data. Another vulnerability involves improper access control, potentially compromising patient and clinician information. While Baxter has released updates to address these issues, CISA advises affected organizations to take additional measures to secure their systems, such as minimizing network exposure and using secure remote access methods.

Meanwhile, Mitsubishi Electric’s MELSEC programmable controllers face denial-of-service vulnerabilities, with one flaw dating back to 2020 and ongoing updates to mitigate the threat. These vulnerabilities could lead to operational disruptions in industrial automation and control applications, highlighting the importance of ongoing security measures in the manufacturing sector.

The healthcare and manufacturing industries are frequent targets for cyberattacks due to the valuable data they hold and the potential for operational disruptions. With a significant number of manufacturing companies still vulnerable to high-severity vulnerabilities, the risk of attacks in these sectors remains high. CISA’s warning serves as a reminder of the ongoing threat posed by cybercriminals and the need for robust cybersecurity measures to protect critical infrastructure.