Vision RT’s Information Security Management System is certified to ISO/IEC 27001:2022.

We are committed to keeping our products secure. Our developers and engineers are always on the lookout for emerging cybersecurity threats, but we also rely on you and your clinic’s IT department to help make us aware of potential issues. Please submit any vulnerability reports or concerns to: security@visionrt.com.

 

NHS Digital standard DCB0129

Vision RT systems are fully compliant with DCB0129 – the mandatory risk management standard for clinical IT systems vendors operating in the NHS in England.

If you need support completing DCB0160 documentation for the deployment, use, maintenance, or decommissioning of clinical IT Systems, please contact the clinical safety team at NHS Health Call who will be able to assist you.

 

Statement on Anti-Malware Solution used by Vision RT Products

The current version of the Anti-Malware Solution supplied with all Vision RT Products is due to go end-of-support on 31 December 2023. 

We will be emailing our customers with details on how this will be replaced with an upgraded version.

If you are a Vision RT customer, and you have not received this email, please email security@visionrt.com and we will send you a copy. Alternatively, you may find more information on this topic on: https://www.myvisionrt.com.

If you need further information, please contact Vision RT support via the customer support helpdesk https://visionrt.com/contact-us/ or email servicesupport@visionrt.com.

If you wish to check the validity of any email that appears to be sent by Vision RT, contact security@visionrt.com.

Statement on Axeda Vulnerabilities CVE-2022-25247 to CVE-2022-25252

(Updated 08 March, 2022)

Vision RT is aware of Axeda vulnerabilities that have just been published.

More information on these vulnerabilities can be found at https://www.ptc.com/en/support/article/CS363561 and in the table below.

| CVE ID | Description | Potential Impact | CVSSv3.1 Score |
|---|---|---|---|
| CVE-2022-25249 | The Axeda xGate.exe agent allows for unrestricted file system read access via a directory traversal on its web server. | Information disclosure | 7.5 |
| CVE-2022-25250 | The Axeda xGate.exe agent can be shut down remotely by an unauthenticated attacker via an undocumented command. | DoS | 7.5 |
| CVE-2022-25251 | The Axeda xGate.exe agent supports a set of unauthenticated commands to retrieve information about a device and modify the agent’s configuration. | RCE | 9.4 |
| CVE-2022-25246 | The AxedaDesktopServer.exe service uses hard-coded credentials to enable full remote control of a device. | RCE | 9.8 |
| CVE-2022-25248 | The ERemoteServer.exe service exposes a live event text log to unauthenticated attackers. | Information disclosure | 5.3 |
| CVE-2022-25247 | The ERemoteServer.exe service allows for full file-system access and remote code execution. | RCE | 9.8 |
| CVE-2022-25252 | All Axeda services using xBase39.dll can be crashed due to a buffer overflow when processing requests. | DoS | 7.5 |

 

These vulnerabilities may exist on some Vision RT Systems, especially those installed prior to May 2020 which have been configured for remote access support from Vision RT.

The majority of systems under service contracts with Vision RT will not have Axeda installed, as this functionality was superseded by N-able.

We will be emailing our customers with details on how to determine if their Vision RT system(s) are vulnerable, and if so, how to fix the issue.

If you are a Vision RT customer, and you have not received this email, please email security@visionrt.com and we’ll send you a copy. Alternatively, you may find more information on this topic on: https://www.myvisionrt.com including details on how to check and secure your system.

If you need assistance performing vulnerability checks or implementing the steps needed to secure your systems, please contact Vision RT support via the customer support helpdesk at https://www.myvisionrt.com or reach out directly to your regional engineers & Clinapps specialists.

If you wish to check the validity of any email that appears to be sent by Vision RT, contact security@visionrt.com.
