JekyllBot:5-Aethon TUG Hospital Robots Vulnerability Allows Hackers to Take Control
Reading Time: 2 minutes

Five vulnerabilities collectively dubbed as ‘JekyllBot:5’ in the Aethon TUG Hospital robots have been addressed that potentially could enable hackers to take control of the devices and disrupt the distribution of medication and lab samples.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) in an advisory said, “Successful exploitation of these vulnerabilities could cause a denial-of-service condition, allow full control of robot functions, or expose sensitive information.”

Hospitals across the world use Aethon TUG smart autonomous mobile robots to deliver medication, transport clinical supplies, and independently navigate around to perform different tasks which include cleaning floors and collecting meal trays.

The JekyllBot:5 vulnerabilities reside in the TUG Homebase Server component. This results in attackers delaying the delivery of medications, surveilling patients, staff, and hospital interiors via its integrated camera, and gaining access to confidential information.

The vulnerabilities can further exploit the weaknesses and be weaponized to hijack legitimate administrative user sessions in the robots’ online portal. Additionally, it can also inject malware to propagate further attacks at health care facilities.Aethon TUG Hospital Robots Vulnerability Allows Hackers to Take Control-1According to the healthcare IoT firm, it can give the “attackers an access point to laterally move through hospital networks, perform reconnaissance, and eventually carry out ransomware attacks, breaches, and other threats.” 

The Five vulnerabilities discovered last year during an audit on behalf of a healthcare provider client mentioned below –

  • CVE-2022-1070 (CVSS score: 9.8) – Allows an unauthenticated attacker to connect to the TUG Home Base Server websocket to take control of TUG robots.
  • CVE-2022-1066 (CVSS score: 8.2) – Allows an unauthenticated attacker to arbitrarily add new users with administrative privileges and delete or modify existing users.
  • CVE-2022-26423 (CVSS score: 8.2) – Allows an unauthenticated attacker to freely access hashed user credentials.
  • CVE-2022-27494 (CVSS score: 7.6) – Makes the “Reports” tab of the Fleet Management Console vulnerable to stored cross-site scripting attacks when new reports are created or edited.
  • CVE-2022-1059 (CVSS score: 7.6) – Makes the “Load” tab of the Fleet Management Console vulnerable to reflected cross-site scripting attacks.

Cynerio’s Asher Brass explained, “These zero-day vulnerabilities required a very low skill set for exploitation, no special privileges, and no user interaction to be successfully leveraged in an attack. If attackers were able to exploit JekyllBot:5, they could have completely taken over system control, gained access to real-time camera feeds and device data, and wreaked havoc and destruction at hospitals using the robots.”

Related Articles:
Haskers Gang Distributes ZingoStealer Malware to Other Cybercriminals for Free
North Korean Lazarus Hacking Group Caught Spying on Chemical Sector Companies
Rarible NFT Marketplace Vulnerability Can Lead to Crypto Wallet Hacking