AMNESIA:33 Vulnerabilities Affect Millions of IoT Devices

Multiple Healthcare IoT Products Affected by Critical TCP/IP Stack Vulnerabilities
Cynerio
Dec 10, 2020
Threat Intelligence

Advisory Information

Yesterday's disclosure of 33 vulnerabilities, collectively dubbed AMNESIA:33 and found across four open source TCP/IP stacks, affects multiple Healthcare IoT products provided by various vendors. Four vulnerabilities are critical and impact the uIP, FNET, picoTCP, and Nut/Net TCP/IP stacks, which are commonly built into IoT and OT systems.

Devices & Vendors Affected

It is estimated that millions of products from as many as 150 vendors are affected by AMNESIA:33, but details regarding the scope or specific devices are yet to be determined. 

The following vendors have released security advisories regarding their affected products:

Cynerio’s research team is currently working closely with Healthcare IoT vendors to determine exactly which devices, versions, and models are affected across your organizations. We’ll be in close contact with you over the coming days as more information is made available.  

Recommendations

We encourage you to check your inventory for devices that may be affected and keep a close eye on any security notifications you receive from manufacturers regarding AMNESIA:33 vulnerabilities. 

How Cynerio Can Help Mitigate the Threat

As we continue to conduct research and work with vendors to clarify which devices and systems are affected, we stress the importance of working with Cynerio to be proactive and employ preventative healthcare-safe Zero Trust security practices:

  1. Continuously monitor Healthcare IoT networks for anomalous communications
  2. Flag all devices with known vulnerabilities
  3. Configure policy tailored to every device and provide step-by-step mitigation plans for every vulnerability
  4. Expedite safe and effective segmentation strategies across your networks to limit potential infections to small areas of the LAN, prevent lateral movement and the spread of malware, and safeguard network and organizational integrity against threats

If you have any questions or concerns, please don’t hesitate to contact us immediately.
