PwnedPiper PTS Security Vulnerabilities Put 80% of American Hospitals at Risk!

New security vulnerabilities are surfacing at an ever-increasing pace. Since the start of the pandemic, both the number of vulnerabilities identified and the number of exploits for them have continued to climb.

Recently, security researchers disclosed a set of nine vulnerabilities, dubbed ‘PwnedPiper,’ in the pneumatic tube systems (PTS) used in 80 percent of hospitals in North America.

Pneumatic tube systems play a vital role in healthcare: they automate the transport of highly sensitive material such as medications, blood samples, and lab specimens between departments.

The bugs, discovered by cybersecurity firm Armis, were found in the Nexus Control Panel, which powers all the current models of Swisslog Healthcare’s Translogic PTS stations.

“Medications supplied to departments, timely delivery of lab samples, and even blood units supplied to operating rooms all depend on the constant availability of the PTS. The hospital’s operations can be severely derailed if a malicious actor exploits the vulnerabilities,” Armis researchers said.

The nine vulnerabilities include unencrypted connections, hard-coded passwords, and unauthenticated firmware updates. Chained together, they could let an attacker with access to the hospital network achieve remote code execution (RCE) on Nexus stations and take full control of them.
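The "unauthenticated firmware update" class above is the one Swisslog left for a later release, so it is worth seeing what the missing check looks like. The Python below is an added illustration, not code from Armis or Swisslog and not the Nexus Control Panel's real image format: it puts a handler that flashes whatever payload follows a header next to one that validates framing, refuses version rollback, and checks an authentication tag before treating the payload as code. The image layout, the constant DEVICE_KEY, and the function names are hypothetical. HMAC stands in for the asymmetric signature a real bootloader would verify against a vendor public key, so that the example runs on the standard library alone.

```python
import hashlib
import hmac
import struct

# Hypothetical image layout used only for this example (not Swisslog's format):
#   magic(4) | version(u32, big-endian) | payload_len(u32, big-endian) | payload | tag(32)
MAGIC = b"FWIM"
HEADER = struct.Struct(">4sII")  # 12 bytes
TAG_LEN = 32

# Hypothetical key provisioned on the device for this demo. In production this
# would be a vendor *public* key in immutable storage, checked with an
# asymmetric signature; a symmetric key on the device can be extracted and used
# to forge images, the same failure mode as a hard-coded password.
DEVICE_KEY = b"demo-device-key-do-not-use-in-prod"


def build_image(version: int, payload: bytes, key: bytes = DEVICE_KEY) -> bytes:
    """Vendor side: assemble header + payload and append a tag over both."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def unauthenticated_update(image: bytes, installed_version: int) -> dict:
    """Weak handler: trusts the header and accepts whatever payload follows it.
    Anyone who can reach the update port can push arbitrary code."""
    magic, version, length = HEADER.unpack_from(image, 0)
    payload = image[HEADER.size:HEADER.size + length]
    return {"accepted": True, "version": version, "payload": payload}


def authenticated_update(image: bytes, installed_version: int,
                         key: bytes = DEVICE_KEY) -> dict:
    """Hardened handler: framing, anti-rollback, then authentication, and the
    payload is not returned for flashing until every check has passed."""
    if len(image) < HEADER.size + TAG_LEN:
        return {"accepted": False, "reason": "truncated image"}
    magic, version, length = HEADER.unpack_from(image, 0)
    if magic != MAGIC:
        return {"accepted": False, "reason": "bad magic"}
    # Length must be consistent with the bytes actually received, so that the
    # tag covers exactly the header and payload and nothing is left dangling.
    if HEADER.size + length + TAG_LEN != len(image):
        return {"accepted": False, "reason": "length mismatch"}
    # Refuse downgrades: an attacker with a validly tagged old image must not be
    # able to reinstall it to bring known bugs back.
    if version <= installed_version:
        return {"accepted": False, "reason": "rollback to %d refused" % version}
    signed = image[:HEADER.size + length]
    tag = image[HEADER.size + length:]
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    # Constant-time comparison so the check itself does not leak the tag.
    if not hmac.compare_digest(tag, expected):
        return {"accepted": False, "reason": "authentication tag mismatch"}
    return {"accepted": True, "version": version, "payload": signed[HEADER.size:]}


def demo() -> dict:
    """Constructed scenario: a genuine v2 image, and the same image with the
    payload swapped by an attacker on the network (same length, same tag)."""
    good = build_image(2, b"legit firmware v2")
    tampered = good[:HEADER.size] + b"backdoored fw v2!" + good[-TAG_LEN:]
    return {
        "weak_accepts_tampered": unauthenticated_update(tampered, 1)["accepted"],
        "hardened_accepts_good": authenticated_update(good, 1)["accepted"],
        "hardened_rejects_tampered": authenticated_update(tampered, 1)["reason"],
        "hardened_rejects_rollback": authenticated_update(build_image(1, b"old"), 1)["reason"],
        "hardened_rejects_forged": authenticated_update(build_image(3, b"evil", key=b"wrong"), 1)["reason"],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The order of the checks matters: length and magic are validated before any length field is used for slicing, the version gate runs before the tag is computed so that a replayed old image is rejected cheaply, and the payload is only handed back once the tag matches. On a real controller the tag check would be an asymmetric signature verification and the installed-version counter would live in tamper-resistant storage.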

Remote Code Execution (RCE)

“By compromising a Nexus station, an attacker can leverage it for reconnaissance purposes, including harvesting data from the station, such as RFID credentials of any employee that uses the PTS system, details about each station’s functions or location, as well as gain an understanding of the physical layout of the PTS network,” said Armis.

“From there, an attacker can take over all Nexus stations in the tube network and hold them hostage in a sophisticated ransomware attack.”

If an attacker gains control of the tube network, the consequences could include ransomware, man-in-the-middle (MitM) interception of station traffic, or denial of service (DoS). Any of these would cripple a core piece of the targeted hospital’s infrastructure.

“This research sheds light on systems that are hidden in plain sight but are nevertheless a crucial building block to modern-day healthcare,” said Armis researchers Ben Seri and Barak Hadad.

“Understanding that patient care depends not only on medical devices, but also on the operational infrastructure of a hospital is an important milestone to securing healthcare environments.”

A Glance at the PwnedPiper Vulnerabilities:

Vulnerability                                 CVE
No firmware update validation                 CVE-2021-37160
Underflow in udpRXThread                      CVE-2021-37161
Overflow in sccProcessMsg                     CVE-2021-37162
Hard-coded credentials for the telnet server  CVE-2021-37163
Off-by-three stack overflow in tcpTxThread    CVE-2021-37164
Overflow in hmiProcessMsg                     CVE-2021-37165
GUI socket denial of service                  CVE-2021-37166
Privilege escalation                          CVE-2021-37167

A New, Patched Version of Nexus Control Panel Released!

Swisslog Healthcare responded quickly and patched all but one of the vulnerabilities. The remaining one, CVE-2021-37160 (no firmware update validation), affects legacy systems and is due to be fixed in a future release.

The company released a patched version of the Nexus Control Panel (version 7.2.5.7) and recommended that all Translogic PTS customers update their firmware.

“All but one of these vulnerabilities were subsequently removed in a software release containing updated firmware. Mitigations for the remaining vulnerability were made,” stated Swisslog in a press release.

The company documents the mitigations in its Network Communications and Deployment Guide, which is available to customers.

“The vulnerabilities only exist when a combination of variables exists,” noted Jennie McQuade, Chief Privacy Officer for Swisslog Healthcare.

“The potential for PTS systems to be compromised is dependent on a bad actor who has access to the facility’s IT network and who could cause additional damage by leveraging these exploits.”
