ALINIQ AMS
Report
- Report Number
- 3004032053-2022-00001
- Event Type
- Malfunction
- Date Received
- April 1, 2022
- Date of Event
- February 23, 2022
- Report Date
- April 7, 2022
- Manufacturer
- ABBOTT SRL
- Product Code
- JQP
- PMA / PMN Number
- EXEMPT
- Removal / Correction Number
- N/A
- Product Problem
- Yes
- Report Source
- Manufacturer report
- Reporter Location
- IL, US
- Reporter Occupation
- 003
Narratives
CATALOG NO; UNIQUE IDENTIFIER (UDI #): AMS 2.06; CATALOG NO 03R89-01; UDI- N/A. AMS 2.07 (INCLUDING PATCHES)/ALINITY IQ AMS 2.07.2; CATALOG NO 03R89-20; UDI- N/A. ALINIQ AMS 2.08 (INCLUDING PATCHES); CATALOG NO 03R89-21; UDI- (B)(4). ALINIQ AMS 2.09; CATALOG NO 03R89-23; UDI- (B)(4). ALINIQ AMS 2.10; CATALOG NO 03R89-24; UDI- (B)(4). ALINIQ AMS 2.11; CATALOG NO 03R89-47; UDI- (B)(4). ALINIQ AMS 2.12; CATALOG NO 03R89-48; UDI- (B)(4). ABBOTTLINK HAS NO LN OR SN. THE INVESTIGATION INTO THIS ISSUE FOUND THAT THIS VULNERABILITY IMPACTS ALL MARKETED VERSIONS OF ALINIQ AMS AND ABBOTTLINK. THE INVESTIGATION ALSO IDENTIFIED THAT THE VULNERABILITY CAN ONLY BE EXPLOITED ON AMS-ABBOTTLINK SYSTEMS WITHIN CUSTOMER NETWORKS WITH POOR NETWORK SECURITY (LABS WITH NO FIREWALL, OR AN POORLY CONFIGURED FIREWALL). A PRODUCT CORRECTION LETTER HAS BEEN ISSUED TO ALL CUSTOMERS WHERE BOTH ABBOTTLINK AND ALINIQ AMS ARE INSTALLED. THE PRODUCT CORRECTION LETTER NOTIFIES CUSTOMERS OF THE ISSUE AND PROVIDES THE NECESSARY ACTIONS TO BE TAKEN TO REDUCE THE RISK OF EXPLOITATION OF THIS VULNERABILITY UNTIL THEY ARE CONTACTED BY THEIR ABBOTT REPRESENTATIVE TO SCHEDULE THE MANDATORY INSTALLATION OF THE NEW VERSION OF ABBOTTLINK ONCE IT IS AVAILABLE.
THIS EMDR IS BEING SUBMITTED AS THE ATTACHMENT A (INDICATED IN SECTION D4- SERIAL NO) WAS INADVERTENTLY NOT ATTACHED TO THE INITIAL EMDR SUBMISSION. ATTACHMENT A HAS NOW BEEN ATTACHED TO THIS SUBMISSION.
ABBOTT RECEIVED A SECURITY VULNERABILITY NOTIFICATION FROM PTC, THE SUPPLIER WHO PROVIDES THE SOFTWARE USED IN ABBOTTLINK, WHICH RESIDES ON A CUSTOMER-OWNED SERVER. WITHIN THE OVERALL SOFTWARE, THE AXEDA DESKTOP SERVER IS USED TO ENABLE REMOTE SCREEN SHARING THROUGH AN ABBOTTLINK CONNECTION. THE IDENTIFIED VULNERABILITY COULD ALLOW CONTROL OF THE OPERATING SYSTEM OF THE SERVER WHERE THE SOFTWARE IS INSTALLED. THIS VULNERABILITY ONLY IMPACTS CUSTOMER SITES WHERE BOTH ALINIQ AMS AND THE ABBOTTLINK AXEDA DESKTOP SERVER ARE INSTALLED WHEN: THE ATTACKER HAS CREDENTIALLED ACCESS TO THE CUSTOMER NETWORK. THE ATTACKER KNOWS THE ABBOTT-CONTROLLED AXEDA DESKTOP SERVER PASSWORD; THE ATTACKER CAN CONNECT TO A SPECIFIC PORT ON THE AXEDA DESKTOP SERVER. IF THE AXEDA VULNERABILITY IS EXPLOITED, THE ATTACKER COULD GAIN ACCESS THROUGH THE AXEDA DESKTOP SERVER TO ALINIQ AMS SERVICES WHICH HAS THE POTENTIAL FOR A DELAY IN PATIENT RESULTS, INCORRECT RESULTS, AND/OR DATA PRIVACY ISSUES. THERE HAVE BEEN NO KNOWN EXPLOITS OF THIS VULNERABILITY ON THE ALINIQ AMS.
Devices
| Seq | Brand | Generic | Product Code | Manufacturer | Model | Lot | UDI-DI |
|---|---|---|---|---|---|---|---|
| 1728547 | ALINIQ AMS | CALCULATOR/DATA PROCESSING MODULE, FOR CLINICAL USE | JQP | ABBOTT SRL |
Patients
| Seq | Age | Sex | Outcome | Treatment |
|---|---|---|---|---|
| 1 | Unknown | ABBOTTLINK 5.10| ABBOTTLINK 5.10 |