Product Security Updates


Axeda agent and Axeda Desktop Server (CVE-2022-25246, CVE-2022-25247, CVE-2022-25248, CVE-2022-25249, CVE-2022-25250, CVE-2022-25251, CVE-2022-25252)

March 08, 2022

BACKGROUND

CISA has notified Beckman Coulter that a security researcher has discovered multiple vulnerabilities in Axeda software (Axeda Agent and Axeda Desktop Server for Windows) and has identified a list of commercially available products that use Axeda. The Beckman Coulter Microbiology LabPro supplied computer has been identified as one of the products that may be affected.

RESPONSE

Beckman Coulter’s Microbiology LabPro supplied computers used Axeda services for remote connectivity prior to 2020. Axeda services are disabled by default on all computers containing them.

Although LabPro computers no longer ship with Axeda services, it is recommended that Beckman Coulter supplied LabPro computers be checked to ensure that Axeda services are removed, even if currently disabled.

For detailed information on how to remove Axeda services from your LabPro computer, please see the Axeda product-specific information page.

Apache Log4j critical vulnerability (CVE-2021-44228, CVE-2021-45046)

December 13th, 2021 (Updated July 13th, 2023)

BACKGROUND

On December 10, 2021, a critical vulnerability (CVE-2021-44228) was reported in Apache Log4j, a very popular Java logging package. The vulnerability impacted multiple versions of the Apache Log4j utility and the applications that use it. The vulnerability allows for unauthenticated remote code execution as the user running the application that utilizes the library.

RESPONSE

Beckman Coulter evaluated the security risk of our product portfolio that may potentially be affected by this vulnerability.

Any patches required for networked devices will be released per Beckman Coulter’s specific product update and patching policy.

For detailed information on each Beckman Coulter product, including workaround information, please see the Log4j product-specific information page.

References:
https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce

PrintNightmare Windows Print Spooler Remote Code Execution Vulnerability (CVE-2021-34527, CVE-2021-36947, CVE-2021-36936, CVE-2021-34483, CVE-2021-34481)

August 13th, 2021 (Updated July 13th, 2023)

BACKGROUND

On July 6th, 2021, Microsoft released a patch for a critical Remote Code Execution vulnerability to address CVE-2021-34527. The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system. Since then, multiple CVEs have been added as part of the combined “PrintNightmare” vulnerability, along with additional patches.

This vulnerability impacts all Windows operating systems.

RESPONSE

Beckman Coulter’s research and development teams have analyzed the Microsoft patches for CVE-2021-34527, CVE-2021-36947, CVE-2021-36936, CVE-2021-34483, CVE-2021-34481 for impact to affected products.

For detailed information on each Beckman Coulter product, including workaround information, please see the product-specific PrintNightmare information page.

Remote Desktop Protocol Vulnerability (Bluekeep) (CVE-2019-0708)

June 28, 2019 (Updated July 13th, 2023)

BACKGROUND

On May 15th, 2019, Microsoft released a patch for a critical Remote Code Execution vulnerability in Remote Desktop Services (CVE-2019-0708). This vulnerability can be exploited remotely without authentication on systems that use Remote Desktop Services for Windows XP, Windows 7, Windows Server 2003 and Windows Server 2008 operating systems.

RESPONSE

Beckman Coulter’s research and development teams validated the installation of the Microsoft patch for CVE-2019-0708 and, where appropriate, developed specific customer instructions for those systems. For detailed information on each Beckman Coulter product, please see the product-specific Bluekeep information page.

Meltdown/Spectre Processor Chip Vulnerability

January 8, 2018 (Updated July 13th, 2023)

BACKGROUND

On January 4th, Intel and others announced the Meltdown and Spectre (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754) set of vulnerabilities. Meltdown and Spectre are two vulnerability techniques researchers have discovered that exploit a flaw in computer processors. These vulnerabilities could allow malicious code to gain access to higher-privileged processes and data in memory across multiple operating systems. These vulnerabilities are not exclusive to Beckman Coulter or medical devices. Early public reports indicate that this vulnerability issue potentially affects every processor-based computer and/or electronic device that has been manufactured over the last 5 to 10 years.

RESPONSE

Beckman Coulter is aggressively evaluating the potential risk and cybersecurity vulnerability profiles of both our software solutions and instrument software products. Beckman Coulter is focusing our investigation on products that have a direct network connection because any attack would require local or physical access to exploit the identified vulnerabilities. Accordingly, Beckman Coulter has determined the potential risk to be low-impact for products that are not networked or are behind a firewall. Any patches required for networked devices will be released per Beckman Coulter’s specific product update and patching policy.

Petya Ransomware Cyberattack Update

June 28, 2017 (Updated July 13th, 2023)

BACKGROUND

Petya ransomware first appeared on Tuesday, June 27, 2017. Petya is similar to WannaCry in that it primarily uses the "Eternal Blue" SMBv1 exploit, leaked by the Shadow Brokers from stolen NSA code, to enter the system. Later reports surfaced that Petya is using an HTA attack (CVE-2017-0199) as well, allowing for a phishing approach that may bypass firewalls that should be blocking inbound port 445. Petya encrypts the Master File Table (MFT) for NTFS partitions and overwrites the Master Boot Record (MBR) with a custom bootloader. To release encrypted data, the ransomware demands an average payment of $300 in bitcoins. Systems that have already applied Microsoft's MS17-010 security patch are not vulnerable to the EternalBlue exploit used by Petya.

RESPONSE

Teams at Beckman Coulter have evaluated the risk and cybersecurity vulnerability profiles of both our software solutions and instrument software products. During the WannaCry attack, R&D teams validated the installation of the MS17-010 Microsoft security patch and, where appropriate, developed specific customer instructions for those systems. Systems that have already had Microsoft's MS17-010 security patch applied are not vulnerable to the EternalBlue exploit used by Petya.

Some products do not use or rely on a Microsoft Windows-based operating system and therefore are not vulnerable to or affected by WannaCry ransomware. Please see the product-specific information page for more information. For products that have customer installation instructions for WannaCry, these can also be used for this Petya ransomware to apply the MS17-010 patch.

MICROSOFT SECURITY BULLETIN MS17-010

Released in March 2017, this update addressed the Microsoft security vulnerability exploited by the "Eternal Blue" SMBv1 exploit. We suggest that customers who have not already applied this update consult the product-specific information page before doing so. In addition, as the complexity of customer system configurations varies greatly, we strongly recommend that our customers work with their IT departments to ensure compatibility of the software update with their networked systems.

WannaCry Ransomware Cyberattack Update

May 19, 2017 (Updated July 13th, 2023)

BACKGROUND

WannaCry ransomware first appeared on Friday, May 12, 2017. Since then, WannaCry has attacked computers worldwide, spreading itself across organizations’ networks by exploiting vulnerabilities in Microsoft Windows operating systems without the MS17-010 Microsoft security patch. WannaCry encrypts data on infected machines and demands ransom payments to decrypt the data.

RESPONSE

Teams at Beckman Coulter have evaluated the risk and cybersecurity vulnerability profiles of both our software solutions and instrument software products. Where appropriate, teams have validated the installation of the MS17-010 Microsoft security patch and are developing specific customer instructions for those systems.

Some products do not use or rely on a Microsoft Windows-based operating system and therefore are not vulnerable to or affected by WannaCry ransomware. Please see the product-specific information page for more information.

We will provide more product-specific information as our evaluation of the issue continues and new information becomes available.

MICROSOFT SECURITY BULLETIN MS17-010

Released in March 2017, this update addressed the Microsoft security vulnerability exploited by WannaCry ransomware. We suggest that customers who have not already applied this update consult the product-specific information page before doing so. In addition, as the complexity of customer system configurations varies greatly, we strongly recommend that our customers work with their IT departments to ensure compatibility of the software update with their networked systems.

For additional technical details and indicators associated with this ransomware, please review the latest update from the U.S. Department of Homeland Security: US-CERT Alert (TA17-132A).