SmartLinx Neuron 2 Environment Escape Vulnerability

Affected platforms

The following platforms are known to be affected:

  • Capsule Technologies SmartLinx Neuron 2: all versions prior to 9.0


Threat details

Vulnerability

Security researchers have disclosed details of a restricted environment escape (CWE-693) vulnerability affecting Capsule Technologies' SmartLinx Neuron 2 mobile clinical systems. They claim that an attacker with physical access to a vulnerable system could gain access to an affected organisation's network.

The vulnerability is a result of the SmartLinx Neuron 2 system not properly restricting inputs from connected USB devices. A user with suitable access to these systems can enter a specific series of keyboard inputs to escape the system's 'kiosk' environment.


Remediation advice

Capsule Technologies has confirmed that this vulnerability has been addressed in version 9.0 of the Neuron software. Affected organisations are encouraged to contact their relevant suppliers to apply this update using the instructions below:

  • Connect vulnerable Neuron 2 devices to the Capsule SmartLinx application server.
  • Edit the 'Neuron Software Reference' to include the Neuron software to update.
  • Transfer the Neuron Software to the given Neuron.
  • Select 'Install Neuron Software Reference' on the given Neuron.
  • The Neuron device will remain offline for approximately 30 minutes as the software is updated.


Last edited: 16 July 2020 12:09 pm