Dräger Zeus Infinity Empowered and Zeus RS C500 Anesthesia Workstations USB Interface Privilege Escalation Vulnerability

A local security vulnerability has been identified in Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations. This vulnerability allows unauthorized individuals with physical access to manipulate the software integrity of the devices through the unprotected USB interfaces. Exploitation of this vulnerability could disrupt therapy functions, alter device-processed data, or use the workstation as a gateway for wider network-based attacks, especially when connected to a network or Dräger Service Connect.

Impact

Exploitation of this vulnerability could lead to unauthorized manipulation of the anesthesia workstation's software integrity, disrupting therapy functions and altering processed data. Additionally, the vulnerability could be exploited to conduct broader network-based attacks, using the device as a pivot point, when connected to a network or Dräger Service Connect.