AICISACybersecurityMedical DevicesVulnerabilities
Security Vulnerabilities in Apollo Pharmacy and Mitsubishi Electric Products
Two critical security vulnerabilities have been identified in medical devices from Apollo Pharmacy and Mitsubishi Electric, potentially compromising sensitive data and leading to denial-of-service attacks.
Introduction
In today's digital world, security vulnerabilities in medical devices are a serious concern. Recent reports from CISA have uncovered two critical security vulnerabilities in products from Apollo Pharmacy and Mitsubishi Electric.
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT
Vulnerabilities:
- CVE-2026-50034: An attacker within BLE communication range can wirelessly intercept sensitive health information.
- CVE-2026-52866: An attacker can monopolize the device's only available BLE connection slot, preventing legitimate users from establishing a connection.
CVSS Score: 6.5 (Medium)
Recommended Actions:
- Contact Apollo Pharmacy directly for more information: Apollo Pharmacy Contact
- Follow CISA's guidance on Bluetooth technology.
Mitsubishi Electric MELSEC iQ-F Series FX5-ENET/IP Ethernet Module
Vulnerability:
- CVE-2026-8806: This vulnerability allows a remote attacker to cause a denial-of-service condition by continuously sending a large number of communication packets to the product's Ethernet port.
CVSS Score: 7.5 (High)
Recommended Actions:
- Use firewalls and VPNs to prevent unauthorized access.
- Block access from untrusted networks.
Conclusion
The security of medical devices is of utmost importance. Users should take the recommended security measures to protect their systems and minimize risks.