Vulnerability Spotlight: Natus NeuroWorks Multiple Vulnerabilities
Vulnerabilities discovered by Cory Duplantis from Talos
Talos has discovered multiple vulnerabilities in Natus NeuroWorks software. This software is used in the Natus Xltek EEG medical products from Natus Medical Inc. The vulnerable devices contain an ethernet connection for data acquisition and connection to networks.
We identified a number of vulnerabilities falling into two classes:
- Four code execution vulnerabilities
- One denial of service vulnerability.
The first category allows code execution on the medical device through a specially crafted network packet. The second category can cause the vulnerable service to crash. The vulnerabilities can be triggered remotely without authentication.