AMNESIA:33 Vulnerabilities Affect Millions of IoT Devices
The disclosure of 33 vulnerabilities, collectively dubbed AMNESIA:33, found across four open source TCP/IP stacks yesterday affects multiple Healthcare IoT products provided by various vendors. Four vulnerabilities are critical and impact uIP, FNET, picTCP, and Nut/Net TCP/IP stacks commonly developed into IoT and OT systems.
Devices & Vendors Affected
It is estimated that millions of products from as many as 150 vendors are affected by AMNESIA:33, but details regarding the scope or specific devices are yet to be determined.
The following vendors have released security advisories regarding their affected products:
- EMU Electronic AG
- Yanzi Networks
Cynerio’s research team is currently working closely with Healthcare IoT vendors to determine exactly which devices, versions, and models are affected across your organizations. We’ll be in close contact with you over the coming days as more information is made available.
We encourage you to check your inventory for devices that may be affected and keep a close eye on any security notifications you receive from manufacturers regarding AMNESIA:33 vulnerabilities.
How Cynerio Can Help Mitigate the Threat
As we continue to conduct research and work with vendors to clarify which devices and systems are affected, we stress the importance of working with Cynerio to be proactive and employ preventative healthcare-safe Zero Trust security practices:
- Continuously monitor Healthcare IoT networks for anomalous communications
- Flag all devices with known vulnerabilities
- Configure policy tailored to every device and provide step-by-step mitigation plans for every vulnerability
- Expedite safe and effective segmentation strategies across your networks to limit potential infections to small areas of the LAN, prevent lateral movement and the spread of malware, and safeguard network and organizational integrity against threats
If you have any questions or concerns, please don’t hesitate to contact us immediately.