12/2020 B. Braun Statement on Cybersecurity Vulnerability with Amnesia:33
B. Braun ensures high security standards throughout the product life cycle by using globally accepted standard test and verification methods. We have established processes to monitor the latest vulnerabilities, threats, or risks and will proactively implement measures as required.
Vulnerability Summary
Cybersecurity firm Forescout Research Labs has discovered a new set of 33 major vulnerabilities in Internet of Things (IOT), operational technology (OT) and IT devices impacting four widely used open-source TCP/IP stacks. These vulnerabilities reside in the uIP, FNET, picoTCP and Nut/Net stacks, which serve as foundational connectivity components for millions of IoT, OT, networking and IT devices. Four of these vulnerabilities are critical and allow for remote code execution.
Analysis & Action
B. Braun’s first analysis determined that NONE of our connected devices
- Infusion system Space®
- Infusion system compactplus®
- Clinical IT Solution OnlineSuite
are affected.
Recommendations
As our clinical IT solutions are installed on standard Windows Servers, we highly recommend reviewing Microsoft’s recommendations and advises concerning the issue. Our B.Braun security team is also available to support if questions arise.
References
Website Forescout Labs – Security Researcher AMNESIA:33 - Forescout
Contact & further Information
You can also contact our global security team if you have any further questions, require detailed technical information, or any other support issue concerning Cybersecurity. You can send an email productsecurity@bbraun.com