back to article PwnedPiper vulns have potential to turn Swisslog's PTS hospital products into Swiss cheese, says Armis

Security specialist Armis has discovered vulnerabilities, collectively dubbed PwnedPiper, in pneumatic tube control systems used in thousands of hospitals worldwide – including 80 per cent of the major hospitals found in the US. The researcher spotted the PwnedPiper vulnerabilities in Swisslog's Nexus stations for its …

  1. Potemkine! Silver badge

    "Our commitment to security ". With hard coded admin password. Are you kidding us?

    1. Gene Cash Silver badge

      "if a bad actor was first able to successfully break into a hospital’s secure network, know and understand the pathway from there to the panel, and then leverage the vulnerabilities."

      So they're saying "nobody's smart enough to do it" anyway. Nice.

      Assholes. But then in that case, they fit right in with the American medical system.

  2. Wim Ton

    How did it pass QA in the first place?

    1. Pascal Monett Silver badge

      They asked Microsoft to provide QA.

  3. Androgynous Cow Herd


    it's 2021 and I just saw "Telnet" in a technical article.

    strange times indeed.

    1. TimMaher Silver badge

      Re: Telnet

      I was thinking that.

      This whole story looks like the software is truly ancient and hasn’t been looked at in ages.

      I’m glad to see that hospitals with elderly systems will have to fork out for an “upgrade”. /snark.

      1. Anonymous Coward
        Anonymous Coward

        Re: Telnet

        I'll be on the other hand they market their products and services as Innovative, Digital First, Industry 4.0 meets Healthcare' and all the other bollocks that make it sound like it was 'digitally incubated' late last year. On port 23.

    2. Michael Wojcik Silver badge

      Re: wow

      Telnet is still widely used, particularly the TN3270 / TN3270E variants1 with z systems, and in somewhat smaller numbers the Telnet variants for other mainframe-class systems such as i and Unisys ClearPath.

      Telnet can be used securely when tunneled over TLS, or even using "opportunistic TLS" (STARTTLS) provided both sides enforce it (so a MITM can't downgrade to plaintext). There's also Thomas Wu's SRP-enabled Telnet, which offers not only message confidentiality and integrity but ZKP authentication; it's less widely available but there are both clients and servers.

      1Technically, TN3270 is "regular" Telnet with various options such as Binary and EOR enabled during negotiation. TN3270E negotiates a single more-complex option with various sub-options, and then adds a header to the Telnet records. Both use EBCDIC once negotiation completes and are significantly different from NVT mode, but TN3270E is more different.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like