FDA Adverse Event Malfunction Summary report: N

MRIDIAN LINAC SYSTEM

MDR report key: 19060178 · Received April 5, 2024

Report

Report Number
MW5153619
Event Type
Malfunction
Date Received
April 5, 2024
Date of Event
March 28, 2024
Report Date
April 3, 2024
Manufacturer
VIEWRAY, INC.
Product Code
IYE
Product Problem
Yes
Report Source
Voluntary report
Reporter Location
OR, US
Reporter Occupation
BIOMEDICAL ENGINEER
Health Professional
Yes

Narratives

Description of Event or Problem · 0

CYBERSECURITY VULNERABILITY FOUND BY CONNECTWISE SOFTWARE USED IN VIEWRAY MRIDIAN A3I SOFTWARE VERSION 3.0.X OVERVIEW THE PROVIDENCE CYBERSECURITY VULNERABILITY MANAGEMENT TEAM HAS DETERMINED THE CRITICAL RISK VULNERABILITIES ON CONNECTWISE SCREENCONNECT. THE FIRST FLAW INVOLVES A NEW CHECK REVEALING THAT THE AUTHENTICATION PROCESS WAS VULNERABLE VIA ALL ACCESS PATHS, INCLUDING THE SETUP WIZARD, ALLOWING UNAUTHORIZED CREATION OF NEW ADMINISTRATOR ACCOUNTS IN SCREENCONNECT. THE SECOND FLAW, A PATH TRAVERSAL BUG, ENABLED ACCESS OR MODIFICATION OF FILES OUTSIDE RESTRICTED DIRECTORIES. AN ADVISORY WAS RELEASED BY CONNECTWISE SCREENCONNECT. ASSOCIATED CVES: CVE-2024-1708 CVE-2024-1709 AFFECTED VERSIONS/ASSETS: ALL THE ASSETS WHICH ARE HAVING SCREENCONNECT VERSIONS 23.9.7 AND PRIOR. CAN RAPID7 DETECT THIS VULNERABILITY? YES. WHAT YOU NEED TO DO: USERS ARE RECOMMENDED TO UPGRADE TO LATEST VERSION OF SCREENCONNECT 23.9.8.

Devices

Seq Brand Generic Product Code Manufacturer Model Lot UDI-DI
607006 MRIDIAN LINAC SYSTEM ACCELERATOR, LINEAR, MEDICAL IYE VIEWRAY, INC.

Patients

Seq Age Sex Outcome Treatment
1 60 YR Prefer Not To Disclose Other