CISA Flags ICS Bugs in Baxter, Mitsubishi Products

The vulnerabilities affect industrial control tech used across the healthcare and critical manufacturing sectors.

[Jai Vijayan, Contributing Writer](/author/jai-vijayan)
September 6, 2024
4 Min Read

Concept illustration of critical manufacturing operations. Source: PopTika via Shutterstock

This week the US Cybersecurity and Infrastructure Security Agency (CISA) warned about two new industrial control systems (ICS) vulnerabilities in products widely used in healthcare and critical manufacturing, sectors that are frequent targets of cybercrime.

The vulnerabilities affect Baxter's Connex Health Portal and Mitsubishi Electric's MELSEC line of programmable controllers. Both vendors have issued updates for the vulnerabilities and have recommended mitigations that customers of the respective technologies can apply to further reduce risk.

Baxter Connex Vulnerabilities
-----------------------------

CISA's advisory contained information on two vulnerabilities in [Baxter's Connex Health Portal](https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-249-01) (formerly Hillrom and Welch Allyn) that it described as remotely exploitable and involving low attack complexity. One of them, CVE-2024-6795, is a maximum-severity (CVSS score of 10.0) SQL injection issue that an unauthenticated attacker can use to run arbitrary SQL queries on affected systems. CISA described the flaw as giving attackers the ability to access, modify, and delete sensitive data and to take other admin-level actions, including shutting down the database.

The other vulnerability in Baxter's Connex Health Portal, tracked as CVE-2024-6796, is an improper access control flaw with a CVSS severity rating of 8.2 out of 10. It gives attackers a way to potentially access sensitive patient and clinician information and to modify or delete some of that data. As with CVE-2024-6795, the improper access control vulnerability is remotely exploitable, involves low attack complexity, and does not require the threat actor to hold any special privileges.

Baxter has fixed the issues, but CISA has recommended that affected organizations also minimize network exposure for all control system devices and make sure they are not accessible from the Internet.
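The two defect classes CISA describes for the portal, user input pasted into a SQL statement and a lookup that never checks who is asking, are easy to see side by side. The following is an added example written for this article, not Baxter's code or schema: a constructed in-memory patient table, a lookup with both weaknesses, and a hardened version that binds the parameter and ties the query to the caller's session.

```python
import sqlite3

# Constructed sample data standing in for a patient portal; not the vendor's schema.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (id INTEGER PRIMARY KEY, clinician TEXT, name TEXT, diagnosis TEXT)")
    db.executemany("INSERT INTO patients VALUES (?, ?, ?, ?)", [
        (1, "dr_ali", "Patient A", "sample-dx-1"),
        (2, "dr_ali", "Patient B", "sample-dx-2"),
        (3, "dr_bo", "Patient C", "sample-dx-3"),
    ])
    return db

def lookup_vulnerable(db, patient_id):
    """Both advisory findings in one function: the id is interpolated into SQL
    (injection), and nothing checks which clinician is asking (improper access control)."""
    sql = f"SELECT name, diagnosis FROM patients WHERE id = '{patient_id}'"
    return db.execute(sql).fetchall()

def lookup_hardened(db, session, patient_id):
    """Parameterized query plus an authorization check bound to the caller's session.
    `session` is a hypothetical dict with a "user" key set by the login layer."""
    if not session or "user" not in session:
        raise PermissionError("authentication required")
    try:
        pid = int(patient_id)  # reject anything that is not a numeric id up front
    except (TypeError, ValueError):
        raise ValueError("invalid patient id")
    # The ? placeholders are bound by the driver; the value is never parsed as SQL,
    # and the clinician column restricts results to the caller's own patients.
    row = db.execute(
        "SELECT name, diagnosis FROM patients WHERE id = ? AND clinician = ?",
        (pid, session["user"]),
    ).fetchone()
    if row is None:
        raise PermissionError("not found or not authorized")
    return row

if __name__ == "__main__":
    db = make_db()
    # Classic tautology input: the vulnerable lookup returns every row to an anonymous caller.
    print(len(lookup_vulnerable(db, "1' OR '1'='1")), "rows leaked")
    print(lookup_hardened(db, {"user": "dr_ali"}, "2"))
```

Running the module prints the leaked row count for the vulnerable path and a single authorized record for the hardened one; the same tautology input is rejected by the hardened function before it reaches the database.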
CISA also wants organizations to place firewalls in front of control system networks and to use secure remote access methods such as VPNs where remote access is required.

So far, there is no sign of exploit activity targeting either vulnerability, CISA said. But healthcare technologies have become a major target for cybercriminals in recent years. This year alone, there have been multiple incidents involving major healthcare players. Among the most notable was a ransomware attack on health insurance firm [Change Healthcare earlier this year](https://www.darkreading.com/cyberattacks-data-breaches/round-2-change-healthcare-targeted-second-ransomware-attack) that knocked critical claims-related services offline for days. Though Change Healthcare [paid a $22 million ransom](https://www.darkreading.com/cyberattacks-data-breaches/blackcat-goes-dark-again-reportedly-rips-off-change-healthcare-ransom) to the BlackCat ransomware group following the attack, the threat actor leaked sensitive health information on millions of Americans on the Dark Web anyway. In another incident, attackers — believed to be the Rhysida ransomware group — [knocked systems offline at Chicago's Lurie Children's Hospital](https://www.darkreading.com/cyberattacks-data-breaches/hundreds-of-thousands-impacted-children-hospital-cyberattack) and compromised records belonging to more than 790,000 patients.

Multiple factors have contributed to the [healthcare sector becoming a major target](https://aspr.hhs.gov/cyber/Documents/Health-Care-Sector-Cybersecurity-Dec2023-508.pdf) for cybercriminals.
These include the fact that healthcare organizations usually hold a lot of valuable data and are particularly vulnerable to any kind of operational disruption or degradation of their ability to serve patients.

Mitsubishi MELSEC Flaws
-----------------------

Meanwhile, CISA's advisories on Mitsubishi Electric's MELSEC programmable controllers for industrial automation and control applications cover vulnerabilities the vendor had announced previously. One of the advisories involves a [denial-of-service vulnerability](https://www.cisa.gov/news-events/ics-advisories/icsa-20-303-01) that Mitsubishi first disclosed in 2020 ([CVE-2020-5652](https://www.cve.org/CVERecord?id=CVE-2020-5652)) and has kept updating through the years as new issues related to the flaw have continued to crop up. The latest advisory adds more Mitsubishi MELSEC products to the list of affected technologies and provides new information on mitigating the threat.

The other vulnerability, identified as [CVE-2022-33324](https://www.cve.org/CVERecord?id=CVE-2022-33324), is also a denial-of-service issue, but one resulting from what CISA described as [improper resource shutdown](https://www.cisa.gov/news-events/ics-advisories/icsa-22-356-03) or release. Mitsubishi first disclosed the flaw in December 2022 and has kept updating its advisory with new information. The latest update, which adds new products to the list of affected technologies and provides new mitigation advice, is the company's third this year for CVE-2022-33324.

Vulnerabilities in ICS and other information technology products in the manufacturing sector are a particular concern for two reasons: [more than 75% of manufacturing](https://www.darkreading.com/ics-ot-security/critical-manufacturing-sector-in-the-bulls-eye) companies have unpatched high-severity vulnerabilities in their environment, and attacks against manufacturing companies have surged in recent years. A report that Armis released earlier this year showed a [165% increase in attacks](https://media.armis.com/pdfs/rp-the-anatomy-of-cybersecurity-en.pdf) on manufacturing companies in 2023, making it the second-most targeted sector after utilities.

About the Author
----------------

[Jai Vijayan, Contributing Writer](/author/jai-vijayan)
Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.