![]() Users with questions regarding the vulnerability or the product update are advised to contact their Ethicon Endo-Surgery, LLC sales representative or Ethicon Customer Support Center at 1-877-ETHICON. The update was made available on November 29, 2017. MITIGATIONĮthicon Endo-Surgery, LLC has contacted users and initiated a field cybersecurity update to address the vulnerability in the Ethicon Endo-Surgery Generator Gen11. DIFFICULTYĪn attacker with high skill would be able to exploit this vulnerability. No known public exploits specifically target this vulnerability. Ethicon Endo-Surgery SSL Access System The SSL Access System (Ethicon Endosurgery, Inc., Johnson and Johnson, Cincinnati, OH) is a single-port access device. This vulnerability cannot be exploited remotely. A CVSS v3 base score of 4.8 has been assigned the CVSS vector string is (AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L).CVSS Calculator,, web site last accessed November 28, 2017. This web site will be active sometime after publication of this advisory. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability.ĬVE-2017-14018NVD,, NIST uses this advisory to create the CVE web site report. IMPROPER AUTHENTICATIONCWE-287: Improper Authentication,, web site last accessed November 28, 2017. VULNERABILITY CHARACTERIZATION VULNERABILITY OVERVIEW The Ethicon Endo-Surgery Generator Gen11 is deployed across the Healthcare and Public Health sector. BACKGROUNDĮthicon Endo-Surgery, LLC is a subsidiary of Johnson & Johnson and is a U.S.-based company that maintains offices in several countries around the world. ICS-CERT recommends that organizations evaluate the impact of this vulnerability based on their operational environment and specific clinical usage. Impact to individual organizations depends on many factors that are unique to each organization. Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. ![]() The following versions of the Ethicon Endo-Surgery Generator Gen11 are affected: The claims of the ’070 patent are directed to a surgical device used to staple, secure, and seal tissue that has been incised. EthiconEndo-Surgery, LLC has produced updates that mitigate this vulnerability in the affected product. determination that the 070 patent claims would have ’ been obvious over the prior art. Johnson & Johnson, the parent company of Ethicon Endo-Surgery, LLC, reported an improper authentication vulnerability in the Ethicon Endo-Surgery Generator Gen11.
0 Comments
Leave a Reply. |