21 October 2019
Dear customers
We would like to inform you about the influence on our products of the VxWorks vulnerabilities called Urgent / 11 which the U.S. IoT security company Armis announced at the end of July 2019, as follows.
- About the influence on our products and system products
The products which we manufacture and sell do not use VxWorks and are not affected by the vulnerabilities in VxWorks.
To date, there have been no reports of cyber-attacks or data infringement affecting Nihon Kohden products, or of harm occurring to patients, in relation to these vulnerabilities.
- About our future response
We have set up a product security team to collect vulnerability information and monitor and analyze the vulnerabilities and predicted risks.
We are continuing to investigate the vulnerabilities affecting other operating systems that Armis announced subsequently to take appropriate measures as needed.
Should there be any additional information, it will be announced on our website.
If you have any questions or comments, please contact us on our website.
We hope to receive your continued patronage in future as we continue to strive to deliver safety to customers and patients.
- :URGENT / 11 are the 11 following vulnerabilities discovered in the TCP/IP stack (IP net) of VxWorks, which allow an intruder to remotely access and manipulate the system or destroy the system.
CVE-2019-12255、CVE-2019-12256、CVE-2019-12257、CVE-2019-12258、CVE-2019-12259、CVE-2019-12260、CVE-2019-12261、CVE-2019-12262、CVE- 2019-12263、CVE-2019-12264、CVE-2019-12265
