Critical Security Flaws Found in Hospital Pneumatic Tubes
Significant security vulnerabilities have been disclosed in pneumatic tube systems commonly used in hospitals to transport samples and medicine. The flaws could allow unauthorized access or disruption of a critical piece of hospital infrastructure, highlighting the real-world impact of insecure embedded system design in safety-critical environments. The vulnerabilities are tracked as CVE-2025-49194 and CVE-2025-65236.
- The vulnerabilities, collectively dubbed "PwnedPiper," were discovered by security researchers Barak Hadad and Ben Seri from the IoT security firm Armis. They found nine critical weaknesses in the Translogic Nexus Control Panel, which is the brain of the pneumatic tube systems created by Swisslog Healthcare. - These flaws could allow an attacker to take complete control of a hospital's pneumatic tube system (PTS) network by sending unauthenticated network packets, meaning no user interaction is required for an attack to succeed. - Exploitation could lead to a range of severe consequences, including ransomware attacks holding the system hostage, altering the speed of sensitive deliveries like blood products which could damage them, and accessing staff RFID card credentials. - The affected Swisslog Translogic systems are used in over 3,000 hospitals worldwide, including more than 80% of hospitals in North America, making the potential impact widespread. - The identified vulnerabilities include the use of hard-coded passwords for user and root accounts, improper authentication, and the ability to download code without an integrity check, which could allow for persistent malware. - In response to the discovery, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released an advisory, ICSMA-21-215-01, urging healthcare facilities to take defensive measures. Swisslog has made software updates available to address most of the identified vulnerabilities.
