Vulnerabilities discovered by Cory Duplantis from Talos.
In April 2018, Talos published 5 vulnerabilities in Natus NeuroWorks software. We have also identified 3 additional vulnerabilities. This software is used in the Natus Xltek EEG medical products from Natus Medical Inc. The vulnerable devices contain an ethernet connection for data acquisition and connection to networks. The vulnerabilities exposed here can cause the affected service to crash. The vulnerabilities can be triggered remotely without authentication.
We strongly recommend readers to refer to the “Discussion” part of the previous article in order to clearly understand the risk of vulnerabilities targeting health devices.