CVE-2021-37164
📋 TL;DR
A stack-based buffer overflow vulnerability in Swisslog Healthcare Nexus Panel's HMI3 Control Panel allows remote attackers to execute arbitrary code or cause denial of service. The vulnerability affects Swisslog Healthcare Nexus Panel software versions before 7.2.5.7. This impacts healthcare facilities using Swisslog's pneumatic tube system control panels.
💻 Affected Systems
- Swisslog Healthcare Nexus Panel HMI3 Control Panel
📦 What is this software?
Hmi 3 Control Panel Firmware by Swisslog Healthcare
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, disruption of critical medical supply transport systems, and potential patient safety impacts.
Likely Case
Denial of service causing pneumatic tube system outages, disrupting hospital operations and delaying critical medical deliveries.
If Mitigated
Limited impact if network segmentation prevents external access and systems are patched.
🎯 Exploit Status
Part of the 'PwnedPiper' vulnerability chain with public exploit details available from Armis research.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Nexus Software 7.2.5.7 or later
Vendor Advisory: https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures
Restart Required: Yes
Instructions:
1. Contact Swisslog Healthcare support.
2. Obtain patch version 7.2.5.7 or later.
3. Schedule maintenance window.
4. Apply patch following vendor instructions.
5. Restart affected systems.
6. Verify patch installation.
🔧 Temporary Workarounds
Network Segmentation
Isolate Nexus Panel systems from untrusted networks and implement strict firewall rules.
Access Control
Restrict network access to only authorized administrative systems and personnel.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate affected systems from untrusted networks
- Monitor network traffic for anomalous connections to Nexus Panel systems
🔍 How to Verify
Check if Vulnerable:
Check software version on Nexus Panel interface or contact Swisslog Healthcare support for version verification.
Check Version:
Check via Nexus Panel administrative interface or contact Swisslog Healthcare for version verification tools.
Verify Fix Applied:
Verify software version is 7.2.5.7 or later through system interface or vendor confirmation.
📡 Detection & Monitoring
Log Indicators:
- Unusual network connections to Nexus Panel systems
- System crash or restart events
- Abnormal process behavior
Network Indicators:
- Unexpected TCP connections to Nexus Panel ports
- Malformed network packets targeting affected systems
SIEM Query:
source_ip=* AND dest_port=[Nexus Panel Ports] AND (payload_size>normal OR malformed_packet_detected)
🔗 References
- https://www.armis.com/PwnedPiper
- https://www.swisslog-healthcare.com
- https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37164-bulletin---off-by-three-stack-overflow-in-tcptxthread.pdf?rev=daf615075c71484c8059c906872a51e6&hash=1FCC1A5D921E231D71E6B95A9AA8B741
- https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20