Medical device manufacturer, Johnson and Johnson Surgical Vision, issued a medical device safety alert concerning its iDESIGN Refractive Studio [versions 1.x & 2.x] & CATALYS Precision Laser System [software versions: v1, v2 & v3].
The manufacturer has identified a cybersecurity vulnerability for iDESIGN Refractive Studios & CATALYS Precision Laser Systems utilizing Microsoft Windows operating systems and the Print Spooler functionality. The vulnerability is a remote code execution vulnerability that exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who exploits this vulnerability could potentially run arbitrary code with SYSTEM privileges. This would give them access to potentially install programs; view, change, or delete data; or create new accounts with full user rights.
The manufacturer will schedule the installation of the patch on the affected systems.
According to the local supplier, the affected devices are distributed in Hong Kong.
If you are in possession of the affected products, please contact your supplier for necessary actions.
Posted on 29 Oct 2021