BlackBerry’s QNX real-time operating system may create cybersecurity vulnerabilities, according to FDA.
BlackBerry’s QNX real-time operating system (RTOS) may create cybersecurity vulnerabilities that introduce risks for certain medical devices and drug manufacturing equipment, according to FDA. To date, there aren’t confirmed adverse events related to these vulnerabilities.
In an alert (AA21-229A) issued on August 17, 2021, the Cybersecurity and Infrastructure Security Agency (CISA) stated that BlackBerry publicly disclosed that its QNX RTOS is affected by a BadAlloc vulnerability, CVE-2021-22156. BadAlloc is a collection of vulnerabilities affecting multiple RTOSs and supporting libraries. CVE-2021-22156 is an integer overflow vulnerability affecting the calloc function in the C runtime library of multiple BlackBerry QNX products; a remote attacker could exploit it to cause a denial-of-service condition or execute arbitrary code on affected devices.
FDA stated that manufacturers are assessing which equipment or systems may be affected by the BlackBerry QNX cybersecurity vulnerability. In addition, manufacturers are evaluating the risk and developing mitigations, including deploying patches from BlackBerry.
Organizations impacted by the BlackBerry QNX cybersecurity vulnerabilities should contact FDA. Specifically, drug manufacturers regulated by the Center for Drug Evaluation and Research should contact: cdercybersecurity@fda.hhs.gov.
Source: FDA (Accessed 08/18/2021), Cybersecurity and Infrastructure Security Agency (CISA)