July 6, 2023 By Pieter Arntz
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability that could result in remote code execution or a denial-of-service (DoS) condition impacting a healthcare delivery organization’s Paceart Optima system.
Paceart Optima is a software application that runs on a healthcare delivery organization’s Windows server. The application collects and stores cardiac device data from programs and remote monitoring systems from all major cardiac devices, and can be used to retrieve that data. The Paceart Optima product consists of multiple components that work together to deliver product functionality. This vulnerability impacts the Application Server component.
The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The vulnerability at hand is listed as:
CVE-2023-31222 (CVSS score 9.8 out of 10): Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery organization’s Paceart Optima system cardiac device causing data to be deleted, stolen, or modified, or the Paceart Optima system being used for further network penetration via network connectivity.