-
Logout
Mirth Connect Vulnerabilities Product Security Advisory
2023 December
CVE-2023-37679, CVE-2023-43208
Background
Leica Biosystems has been notified of 2 vulnerabilities associated with Mirth Connect version 4.4.1 and previous versions, produced by NextGen. Mirth Connect can be used to facilitate communications with laboratory information systems (LIS).
Leica Biosystems has reviewed our products and identified multiple Leica Biosystems products impacted by this vulnerability. Where additional networking controls are not in place, customers could be at risk. NextGen recommends Mirth Connect be upgraded to version 4.4.2 or higher to resolve the vulnerabilities. Leica Biosystems is not aware of any exploits of these vulnerabilities in Leica Biosystem products.
Customers of impacted products are encouraged to perform their own impact assessments and consider additional networking controls for their environment.
Product Status
| Product | Status Regarding Mirth Connect Vulnerability | Recommendations and Comments |
|---|---|---|
| Aperio AT2, Aperio AT2 DX | Not Vulnerable | Mirth Connect software is not present. |
| Aperio CS2 | Not Vulnerable | Mirth Connect software is not present. |
| Aperio eSlide Manager | Not Vulnerable | Mirth Connect software is not present. |
| Aperio eSlide Manager with LIS Connectivity | Potentially Vulnerable | LBS is working to update its software installers with Mirth Connect 4.4.2 for impacted products. In the meantime, LBS Digital Pathology customers wishing to upgrade to Mirth 4.4.2 may reach out to their regional LBS Technical Support team (available at www.LeicaBiosystems.com). |
| Aperio GT 450 (RUO) (23GT450), Aperio GT 450 DX (23GT450DX), Aperio GT 450 DX (23GT450DXIVD), Aperio GT 450 Standalone |
Not Vulnerable | Mirth Connect software is not present. |
| Aperio ImageScope, Aperio ImageScope DX | Not Vulnerable | Mirth Connect software is not present. |
| Aperio LV1 | Not Vulnerable | Mirth Connect software is not present. |
| Aperio Scanner Administration Manager (SAM for RUO), Aperio GT 450 SAM DX Software (23GT450DXSAMSW) Aperio GT 450 SAM DX Software (23SAMSWDXIVD) Aperio Scanner Administration Manager DX (SAM for Standalone) |
Potentially Vulnerable | LBS is working to update its software installers with Mirth Connect 4.4.2 for impacted products. In the meantime, LBS Digital Pathology customers wishing to upgrade to Mirth 4.4.2 may reach out to their regional LBS Technical Support team (available at www.LeicaBiosystems.com). |
| Aperio VERSA | Not Vulnerable | Mirth Connect software is not present. |
| Aperio WebViewer, Aperio WebViewer DX (23WVDXROW) |
Not Vulnerable | Mirth Connect software is not present. |
| BOND-ADVANCE, BOND Controller | Not Vulnerable | Mirth Connect software is not present. |
| BOND-III | Not Vulnerable | Mirth Connect software is not present. |
| BOND-MAX | Not Vulnerable | Mirth Connect software is not present. |
| BOND RX, BOND RXm | Not Vulnerable | Mirth Connect software is not present. |
| CEREBRO | Potentially Vulnerable | Mirth Connect 4.4.2 is available. CEREBRO customers may work with their CEREBRO support to request an upgrade to Mirth Connect 4.4.2. |
| CytoVision | Not Vulnerable | Mirth Connect software is not present. |
| HistoCore Arcadia C | Not Vulnerable | Mirth Connect software is not present. |
| HistoCore Arcadia H | Not Vulnerable | Mirth Connect software is not present. |
| HistoCore PEARL | Not Vulnerable | Mirth Connect software is not present. |
| HistoCore PEGASUS (PLUS) | Not Vulnerable | Mirth Connect software is not present. |
| HistoCore PELORIS 3 | Not Vulnerable | Mirth Connect software is not present. |
| HistoCore SPECTRA CV | Not Vulnerable | Mirth Connect software is not present. |
| HistoCore SPECTRA ST | Not Vulnerable | Mirth Connect software is not present. |
| HistoCore SPRING ST | Not Vulnerable | Mirth Connect software is not present. |
| Leica ASP200 (S), Leica ASP300 (S) |
Not Vulnerable | Mirth Connect software is not present. |
| Leica ASP6025 (S) | Not Vulnerable | Mirth Connect software is not present. |
| Leica CV5030 | Not Vulnerable | Mirth Connect software is not present. |
| Leica IP C | Not Vulnerable | Mirth Connect software is not present. |
| Leica IP S | Not Vulnerable | Mirth Connect software is not present. |
| Leica ST4020 | Not Vulnerable | Mirth Connect software is not present. |
| Leica ST5010 | Not Vulnerable | Mirth Connect software is not present. |
| Leica ST5020 | Not Vulnerable | Mirth Connect software is not present. |
| Leica TP1020 | Not Vulnerable | Mirth Connect software is not present. |
| PELORIS, PELORIS II | Not Vulnerable | Mirth Connect software is not present. |
| PathDX | Not Vulnerable | Mirth Connect software is not present. |
| ThermoBrite Elite | Not Vulnerable | Mirth Connect software is not present. |