CVE-2021-37167
📋 TL;DR
This vulnerability allows attackers to gain root access on Swisslog Healthcare Nexus Panel devices by using default credentials. It affects HMI3 Control Panel in Nexus Panel systems running software versions before 7.2.5.7. Healthcare organizations using these medical device control systems are at risk.
💻 Affected Systems
- Swisslog Healthcare Nexus Panel
- HMI3 Control Panel
📦 What is this software?
Hmi 3 Control Panel Firmware by Swisslog Healthcare
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of medical device control systems allowing attackers to manipulate patient care equipment, steal sensitive medical data, or disrupt hospital operations.
Likely Case
Unauthorized root access leading to data exfiltration, system manipulation, or ransomware deployment on medical control systems.
If Mitigated
Limited impact if proper network segmentation and credential management are implemented, though risk remains if devices are accessible.
🎯 Exploit Status
Exploit requires knowledge of default credentials, which are often unchanged. Part of the 'PwnedPiper' vulnerability chain.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Nexus Software 7.2.5.7 or later
Vendor Advisory: https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures
Restart Required: Yes
Instructions:
1. Contact Swisslog Healthcare for patch 7.2.5.7.
2. Schedule a maintenance window.
3. Apply the patch following vendor instructions.
4. Restart affected devices.
5. Verify patch installation.
🔧 Temporary Workarounds
Change Default Credentials
Immediately change all default credentials on Nexus Panel devices to strong, unique passwords.
Use device administration interface to change login credentials
Network Segmentation
Isolate Nexus Panel devices on separate VLANs with strict firewall rules limiting access to authorized personnel only.
🧯 If You Can't Patch
- Immediately change all default credentials and implement multi-factor authentication if supported
- Isolate affected devices on segmented networks with strict access controls and monitor for unauthorized access attempts
🔍 How to Verify
Check if Vulnerable:
Check the device software version via the administration interface. If the version is below 7.2.5.7 and the default credentials are unchanged, the device is vulnerable.
Check Version:
Check via the device administration interface, or contact Swisslog Healthcare support for version verification.
Verify Fix Applied:
Verify software version is 7.2.5.7 or higher and test that default credentials no longer provide access.
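The version check above is easy to get wrong when done as a string comparison ("7.2.5.10" sorts before "7.2.5.7" lexically). The following is an added example, not code from the advisory or from Swisslog Healthcare: it parses a version string as read from the administration interface (how that string is obtained is assumed) and applies the advisory's rule that a device is vulnerable only when it is below 7.2.5.7 and still uses default credentials.

```python
"""Added example (not from the advisory): decide whether a Nexus software
version reported by the administration interface is below the fixed
version 7.2.5.7, and combine that with the default-credential state."""

FIXED_VERSION = "7.2.5.7"  # patch version named in the advisory


def parse_version(text):
    """Turn '7.2.5.7' into (7, 2, 5, 7).

    Shorter strings are zero-padded so '7.2' compares as 7.2.0.0.
    Non-numeric components raise ValueError rather than being guessed.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (4 - len(nums))


def is_below_fix(version, fixed=FIXED_VERSION):
    """Numeric, component-wise comparison (not string comparison)."""
    return parse_version(version) < parse_version(fixed)


def assess(version, default_creds_changed):
    """Advisory rule: vulnerable if below 7.2.5.7 and default credentials
    are unchanged; 'mitigated' if the credentials were changed but the
    firmware is still old; 'patched' once the fixed version is present."""
    if not is_below_fix(version):
        return "patched"
    return "mitigated" if default_creds_changed else "vulnerable"


if __name__ == "__main__":
    # Constructed inputs, not values taken from a real device.
    for ver, changed in [("7.2.4.9", False), ("7.2.4.9", True), ("7.2.5.7", False)]:
        print(ver, "creds changed" if changed else "default creds", "->", assess(ver, changed))
```

Note that `"7.2.5.10" < "7.2.5.7"` is True as a plain string comparison but False here, which is why the components are parsed to integers before comparing.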
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts followed by successful login with default credentials
- Root privilege escalation events
- Unauthorized configuration changes
Network Indicators:
- Unexpected SSH or administrative protocol connections to Nexus Panel devices
- Traffic to/from medical devices outside normal patterns
SIEM Query:
source="nexus-panel" AND ((event_type="authentication" AND (user="default" OR user="admin") AND result="success") OR (event_type="privilege_escalation" AND user="root"))
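The following is an added example, not code from the advisory or from Swisslog Healthcare. It applies the two log indicators above (a burst of failed logins followed by a successful login on a default account, and a root privilege-escalation event) to a constructed batch of events, and implements the SIEM query's predicate with explicit grouping so that the `source="nexus-panel"` filter applies to both branches. The event field names and the three-failure threshold are assumptions; real Nexus Panel log formats are not described on this page.

```python
"""Added example (not from the advisory): run the advisory's log indicators
over a constructed batch of Nexus Panel events."""
from collections import defaultdict

DEFAULT_USERS = {"default", "admin"}  # accounts named in the SIEM query
FAILED_LOGIN_THRESHOLD = 3            # assumed tuning value, not from the advisory

# Constructed sample events; field names are assumed, not a documented format.
SAMPLE_EVENTS = [
    {"ts": 1, "source": "nexus-panel", "event_type": "authentication", "user": "admin", "result": "failure"},
    {"ts": 2, "source": "nexus-panel", "event_type": "authentication", "user": "admin", "result": "failure"},
    {"ts": 3, "source": "nexus-panel", "event_type": "authentication", "user": "admin", "result": "failure"},
    {"ts": 4, "source": "nexus-panel", "event_type": "authentication", "user": "admin", "result": "success"},
    {"ts": 5, "source": "nexus-panel", "event_type": "privilege_escalation", "user": "root", "result": "success"},
    {"ts": 6, "source": "nexus-panel", "event_type": "authentication", "user": "nurse1", "result": "success"},
    # Same escalation event but from a different source: must NOT match.
    {"ts": 7, "source": "other-host", "event_type": "privilege_escalation", "user": "root", "result": "success"},
]


def matches_siem_query(ev):
    """Predicate equivalent to the SIEM query, with the source filter
    applied to both branches (the unparenthesised form would let the
    privilege_escalation branch match events from any source)."""
    if ev.get("source") != "nexus-panel":
        return False
    default_login_success = (
        ev.get("event_type") == "authentication"
        and ev.get("user") in DEFAULT_USERS
        and ev.get("result") == "success"
    )
    root_escalation = ev.get("event_type") == "privilege_escalation" and ev.get("user") == "root"
    return default_login_success or root_escalation


def find_failures_then_default_success(events, threshold=FAILED_LOGIN_THRESHOLD):
    """Return (user, ts) for every successful login on a default account that
    follows at least `threshold` consecutive failures for that same user."""
    consecutive_failures = defaultdict(int)
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev.get("source") != "nexus-panel" or ev.get("event_type") != "authentication":
            continue
        user = ev.get("user")
        if ev.get("result") == "failure":
            consecutive_failures[user] += 1
        elif ev.get("result") == "success":
            if user in DEFAULT_USERS and consecutive_failures[user] >= threshold:
                hits.append((user, ev["ts"]))
            consecutive_failures[user] = 0  # a success resets the streak
    return hits


def triage(events):
    """Summarise which events would page an analyst."""
    return {
        "siem_matches": [ev["ts"] for ev in events if matches_siem_query(ev)],
        "failures_then_default_success": find_failures_then_default_success(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

Event 7 is the reason for the explicit grouping: with `A AND B OR C`, the root escalation from `other-host` would match the query even though it has nothing to do with the Nexus Panel.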
🔗 References
- https://www.armis.com/PwnedPiper
- https://www.swisslog-healthcare.com
- https://www.swisslog-healthcare.com/-/media/swisslog-healthcare/documents/customer-service/armis-documents/cve-2021-37167-bulletin---privilege-escalation.pdf?rev=20c909e5f00048838620b52471f266fc&hash=F43731C7A882EEBB5CE28DFBC75933D3
- https://www.swisslog-healthcare.com/en-us/customer-care/security-information/cve-disclosures#:~:text=CVE%20Disclosures%20%20%20%20Vulnerability%20Name%20%2C%20%20CVE-2021-37164%20%204%20more%20rows%20