
Medical System Security Information - Security Advisories

Product security  Advisories FUJIFILM Corporation
  1. Apache Log4j Vulnerability (Log4Shell)
    Log4j is a widely used logging tool in Java applications and is provided by the Apache Software Foundation. A vulnerability in Log4j versions 2.0-beta9 through 2.14.1 allows an attacker to remotely execute arbitrary code. For details, please refer to the following external reference website(s).
    https://logging.apache.org/log4j/2.x/security.html
  2. Impacts on our products
    SYNAPSE VNA software versions 6.3 and later may be affected by this vulnerability.
    Fujifilm has released a mitigation script that must be applied to each SYNAPSE VNA software installation.
    All other products are unaffected.
    For security inquiries about this issue, contact the sales office where you purchased, or are considering purchasing, the product.
  1. BlackBerry Real-Time Operating System (RTOS) "QNX" Vulnerability
    BlackBerry has announced a vulnerability (CVE-2021-22156) in the QNX Real-Time Operating System (RTOS).
    Exploitation of this vulnerability could lead to a denial of service or arbitrary code execution on the affected device. For details, please refer to the following external reference website(s).
    https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
    https://us-cert.cisa.gov/ncas/alerts/aa21-229a
  2. Impacts on our products
    We have determined that our products are not affected by this vulnerability because they do not use BlackBerry Real-Time Operating System (RTOS) "QNX".
  1. Treck TCP/IP stack vulnerabilities
    Nineteen vulnerabilities, collectively named Ripple20, were found in the Treck TCP/IP stack. Exploitation of these vulnerabilities could result in remote code execution, denial of service, or information disclosure. For details, refer to the following external reference website(s).
    https://www.jsof-tech.com/ripple20
    https://us-cert.cisa.gov/ics/advisories/icsa-20-168-01
  2. Impacts on our products
    Our products do not use the Treck TCP/IP stack, which contains these vulnerabilities. Therefore, we have determined that they are not affected by these vulnerabilities.
  1. Bluetooth Low Energy Vulnerability (SweynTooth)
    The FDA issued the following FDA Safety Communication on March 3, 2020.
    For details, refer to the following external reference website(s).
    https://public4.pagefreezer.com/browse/FDA/08-02-2023T11:48/https://www.fda.gov/medical-devices/safety-communications/sweyntooth-cybersecurity-vulnerabilities-may-affect-certain-medical-devices-fda-safety-communication
    It describes vulnerabilities, named “SweynTooth”, associated with a wireless communication technology known as Bluetooth Low Energy (BLE).
  2. Summary
    Successful exploitation of this vulnerability could allow an attacker within wireless range to cause a deadlock, crash, or buffer overflow, or to completely bypass security functions. For details, refer to the following external reference website(s).
    https://www.us-cert.gov/ics/alerts/ics-alert-20-063-01
  3. Impacts on our products
    Our products do not have a Bluetooth function that uses this vulnerable Bluetooth Low Energy (BLE). Therefore, we have determined that they are not affected by these vulnerabilities.
     
  1. Vulnerabilities of Remote Desktop Service for Windows
    Microsoft Corp. has disclosed vulnerabilities (CVE-2019-0708, CVE-2019-1181 and CVE-1182) in Remote Desktop Services (software for remote control from other computers) installed in the Windows OS. An attacker who successfully exploited these vulnerabilities could install programs, or display, modify, or delete data.
  2. Impacts on our products
    Remote Desktop Services is enabled on some of our MRI, CT, and X-ray diagnostic imaging system products. We judge that the impact of this vulnerability is small in the assumed network environment. At the request of the customer, it is possible to take measures such as disabling the remote desktop service. Please contact the sales office where you purchased the product.
    All other products are not affected by these vulnerabilities because the OS that contains these vulnerabilities is uninstalled, or Remote Desktop Services is disabled.
  1. VxWorks Vulnerabilities
    Serious vulnerabilities in VxWorks, named “URGENT/11”, have been announced on the Wind River website, and urgent measures are recommended.
  2. Summary
    URGENT/11 refers to 11 vulnerabilities found in the VxWorks TCP/IP stack (IPnet), 6 of which are classified as critical vulnerabilities that allow remote code execution. The other vulnerabilities could be exploited for denial of service or information disclosure. For details, refer to the following external reference website(s).
    https://www.windriver.com/security/announcements/tcp-ip-network-stack-ipnet-urgent11/
    https://www.armis.com/research/urgent11/
  3. Impacts on our products
    In our MRI system, VxWorks is used as an image processor. However, due to the equipment configuration, it is highly unlikely that these vulnerabilities can be exploited, and we have determined that the system is not affected by them.
    All other products are not affected by these vulnerabilities because they do not use VxWorks.
Notice

We currently do not have any urgent announcements.

Inquiries regarding product security

For product security inquiries, contact the sales office where you purchased, or are considering purchasing, the product.