A vulnerability in GE Healthcare s Aestiva and Aespire anesthesia devices would allow an unauthenticated cybercriminal on the same network as the device to modify gas composition parameters within the devices respirator function. GE Healthcare said that cybercriminals wouldn t be able to actually cause any danger to a patient given that these devices are never used without human oversight. The flaw exists thanks to configuration exposure of certain terminal server implementations that extend GE Healthcare anesthesia device serial ports to TCP/IP networks.
Source: https://threatpost.com/anesthesia-respirators-cyber-tampering/146405/