Security Vulnerabilities in Apollo Pharmacy Blood Glucose Monitoring System and Mitsubishi Electric MELSEC iQ-F Series
Two critical security vulnerabilities have been identified in medical devices from Apollo Pharmacy and Mitsubishi Electric, potentially compromising sensitive information and leading to denial-of-service attacks.
Introduction
In recent weeks, critical security vulnerabilities have been identified in two significant devices used in healthcare and critical manufacturing. These security issues affect the Apollo Pharmacy Blood Glucose Monitoring System (Model APG-01 BT) and Mitsubishi Electric's MELSEC iQ-F Series.
Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT
Security Vulnerabilities
Two main vulnerabilities have been identified:
- CVE-2026-50034: An attacker within the range of Bluetooth Low Energy (BLE) communication can wirelessly intercept sensitive health data, including glucose measurement values.
- CVE-2026-52866: An attacker can monopolize the device's only available BLE connection slot, preventing legitimate users from establishing a connection.
Impact
Successful exploitation of these vulnerabilities could lead to a loss of sensitive health data and significantly impair the device's usability for patients.
Recommendations
CISA recommends better understanding Bluetooth technology and taking defensive measures to minimize the risk of exploitation of these vulnerabilities.
Mitsubishi Electric MELSEC iQ-F Series
Security Vulnerabilities
Three critical vulnerabilities have been identified:
- CVE-2026-8806: An attacker can cause a denial-of-service (DoS) condition by sending a large number of communication packets.
- CVE-2026-8805: An attacker can also cause a DoS condition by rapidly establishing a large number of TCP connections.
Recommendations
Mitsubishi Electric has recommended using firewalls and VPNs to prevent unauthorized access. Updating to the latest software version is also advised to enhance security.
Conclusion
The discovery of these security vulnerabilities underscores the need for robust security measures in the healthcare and manufacturing industries to protect sensitive data and maintain the operation of critical systems.