IKT Asset
AISicherheitCybersecurityMedizintechnikKritische Infrastruktur

Security Vulnerabilities in Apollo Pharmacy Blood Glucose Monitoring System and Mitsubishi Electric MELSEC iQ-F Series

Two critical security vulnerabilities have been identified in medical devices from Apollo Pharmacy and Mitsubishi Electric, potentially compromising sensitive information and leading to denial-of-service attacks.

Introduction

In recent weeks, critical security vulnerabilities have been identified in two significant devices used in healthcare and critical manufacturing. These security issues affect the Apollo Pharmacy Blood Glucose Monitoring System (Model APG-01 BT) and Mitsubishi Electric's MELSEC iQ-F Series.

Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT

Security Vulnerabilities

Two main vulnerabilities have been identified:

  1. CVE-2026-50034: An attacker within the range of Bluetooth Low Energy (BLE) communication can wirelessly intercept sensitive health data, including glucose measurement values.
  2. CVE-2026-52866: An attacker can monopolize the device's only available BLE connection slot, preventing legitimate users from establishing a connection.

Impact

Successful exploitation of these vulnerabilities could lead to a loss of sensitive health data and significantly impair the device's usability for patients.

Recommendations

CISA recommends better understanding Bluetooth technology and taking defensive measures to minimize the risk of exploitation of these vulnerabilities.

Mitsubishi Electric MELSEC iQ-F Series

Security Vulnerabilities

Three critical vulnerabilities have been identified:

  1. CVE-2026-8806: An attacker can cause a denial-of-service (DoS) condition by sending a large number of communication packets.
  2. CVE-2026-8805: An attacker can also cause a DoS condition by rapidly establishing a large number of TCP connections.

Recommendations

Mitsubishi Electric has recommended using firewalls and VPNs to prevent unauthorized access. Updating to the latest software version is also advised to enhance security.

Conclusion

The discovery of these security vulnerabilities underscores the need for robust security measures in the healthcare and manufacturing industries to protect sensitive data and maintain the operation of critical systems.