Technical
Advisory

Through sharp, technical and insightful analysis, the Payatu Team is constantly on the lookout for vulnerabilities and threats. This section exhibits a few of our findings.

...
...

Open TELNET port in niscomed patient monitoring device

Vulnerability

Open telnet port in niscomed patient monitoring device

Vulnerability Description

An issue was discovered on Niscomed Multipara Patient monitor M1000 devices. The device enables anTELNET service by default. This allows an attacker to gain root access (admin:nopasswd) of the device over the local network and steal customer data and perform a malicious activity like sending malware/ransomeware in it.

CVE-ID

CVE-2020-15482

Vendor

Nescomed

Product

M1000 Multipara Patient monitor

Disclosure Timeline

22 June 2020 reported to the vendor

22 July 2020 No response from the vendor and Public disclosure.

Credit

Arun Magesh