Appendix C - STATCLAVE Cybersecurity Statement - SciCan STATCLAVE G4 User Manual

APPENDIX C – STATCLAVE Cybersecurity Statement
A network disruption or cybersecurity incident will not prevent this device from performing its primary function of completing a
sterilization cycle. Additionally, a cybersecurity incident affecting the device cannot result in direct patient harm since the device
does not come into contact with a patient. While the unit records, stores and sends (if connected to a network) information
about a cycle, no patient data is stored on the unit.
The unit's functionality and design observe a number of additional cybersecurity risk mitigation measures:
- Prevents unauthorized access to safety-critical settings.
- Ensures trusted content by maintaining code, data and execution integrity.
- Recovers capabilities or services that were impaired due to the cybersecurity incident.
- Authentication methods and controls are used for each part of the communicating assets such as web sites, servers, interoperable systems and cloud storage.
Addressing STATCLAVE Cybersecurity Vulnerabilities
| STATCLAVE Item | CBOM Item | National Vulnerability Database Reference | Control / Rationale |
|---|---|---|---|
| Microcontroller logic board | Vybrid VF6xx | CVE-2017-7936: ERR010872 – Secure Boot Vulnerability when using the Serial Downloader (CVE-2017-7936) | - SDP protocol redirected to UART 3 and pins are not available (not connected). - SDP protocol available to USB0. Connection not available outside of the PCB. Physical access to logic board required in order to access USB0 OTG port (physical locks in place). |
| Microcontroller logic board | Vybrid VF6xx | CVE-2017-7932: ERR010873 – Secure Boot Vulnerability when Authenticating a Certificate (CVE-2017-7932) | - SDP protocol redirected to UART 3 and pins are not available (not connected). - SDP protocol available to USB0. Connection not available outside of the PCB. Physical access to logic board required in order to access USB0 OTG port (physical locks in place). |
| Operating system | MQX 4.2 | ICSA-17-285-04A: Classic Buffer Overflow, Out-of-Bounds Read | Patched DHCP client to address the buffer overflow. |
| SSL stack | WolfSSL 3.14 | CVE-2018-12436 (ROHNP) | Does not apply as attacker is required to run code on the same host (embedded platform) where the WolfSSL library is running. Embedded platform does not allow running of unauthorized code. |
| WiFi module | GS2011MIE | n/a | n/a |