Security Information Glaucoma Workplace 3.5.2

Description

A downgrade attack is a cyberattack in which malicious actors force Glaucoma Workplace version 3.5.2 to use an older, less secure method of communication. The attacker does this by intercepting and modifying the communication between the ZEISS Glaucoma Workplace Server and other network entities, including the FORUM Viewer with the Glaucoma Workplace Client.

This issue is solely related to cybersecurity and does not compromise the health and safety of the patient. It also has no impact on the safety and performance of ZEISS Glaucoma Workplace.

Conditions

A downgrade attack as described above is possible only if:

  • an attacker with network access is able to set up an intercepting entity

Affected versions

The vulnerability affects the following Glaucoma Workplace (GWP) versions:

  • Glaucoma Workplace 3.5.2

Recommended actions

1. Close the vulnerability with a software update

ZEISS recommends updating your Glaucoma Workplace to version 3.6.0 to ensure continued cybersecurity. A software version labeled Glaucoma Workplace 3.6.0 is available for installation. This version closes the described vulnerability. Please reach out to your local ZEISS Service team for additional information on updating your ZEISS Glaucoma Workplace software.

2. Close the vulnerability by configuration

If a software update of Glaucoma Workplace is not an option, the vulnerability can also be closed by updating the configuration of Glaucoma Workplace version 3.5.2. Please reach out to your local ZEISS Service team for additional information on the required configuration changes to your ZEISS Glaucoma Workplace software.