Today, the German Federal Institute for Drugs and Medical Devices (BfArM) identified critical vulnerabilities in the Wind River VxWorks real-time operating system.
Affected versions of VxWorks are:
- VxWorks 6.5 to 6.9 (End-of-Life)
- VxWorks 7 (SR540 and SR610)
- VxWorks 653 MCE 3.x (may be affected)
They pointed out that VxWorks is used in many medical devices.
The BfArM advised: “Medical device manufacturers using this operating system must implement risk mitigation measures based on their updated risk analysis in light of this vulnerability.
If these measures correspond to the definition of a recall in accordance with § 2 No. 3 (a measure to eliminate, reduce or prevent the recurrence of a risk arising from a medical device, which initiates the return, replacement, retrofitting or retrofitting, disposal or destruction of a medical device or provides users, operators or patients with information on the further safe use or operation of medical devices), the measure must be reported to the BfArM on the notification form for Field Safety Corrective Actions published by the BfArM (Forms – medical devices).”
The link to the BfArM (Federal Institute for Drugs and Medical Devices) website is https://www.bfarm.de/SharedDocs/Risikoinformationen/Medizinprodukte/EN/vxworks.html