Regarding Vulnerability in the BlackBerry QNX Real Time Operating System
Versions 6.5 SP1 and Earlier
The vulnerability issue that affects BlackBerry QNX Real Time Operating System versions 6.5 SPI and earlier, and its impact on Canon Medical Systems Products, is explained below.
1. What is the vulnerability issue that affects BlackBerry QNX versions 6.5 SP1 and earlier?
On Tuesday, August 17, 2021, the Cybersecurity & Infrastructure Security Agency (CISA) issued an alert about a vulnerability that affects versions 6.5 SP1 and earlier of BlackBerry’s QNX Real Time Operating System (QNX).
The scope of use of QNX includes the medical field, and if this vulnerability is exploited, systems may become unusable. Data theft, data leakage, and device hijacking may also occur. Therefore, in Japan, the National center of Incident readiness and Strategy for Cybersecurity (NISC) issued a warning about this vulnerability on Wednesday, August 18, 2021.
2. Results of a risk assessment of the vulnerability issue that affects BlackBerry QNX versions 6.5 SP1 and earlier.
The evaluation result of a CVSS (Common Vulnerability Scoring System) risk assessment was 9.8. The degree of impact on confidentiality, integrity, and availability were all assessed as “high”.
3. Impact on Canon Medical Systems Products
Canon Medical Systems Products using BlackBerry QNX versions 6.5 SP1 and earlier are as follows:
(1)X-ray CT systems
| System | Model |
|---|---|
| Aquilion ONE | TSX-301A |
| TSX-301C/1,2,3,4,5 | |
| Aquilion | TSX-301B |
| Aquilion PRIME | TSX-302A |
| TSX-303A/1,2,3,4,5,6,7,8,9,K | |
| Aquilion CX | TSX-101A/H,I,J,K,N |
| Aquilion CXL | TSX-101A/Q,S,T |
(2)MRI Systems
| System | Model |
|---|---|
| Vantage AGV/XGV/ZGV | MRT-1503, MRT-2003 |
| Vantage ATLAS-X/Z | MRT-1503, MRT-2003 |
| Vantage Titan | MRT-1504, MRT-1510, MRT-2004 |
| Vantage Titan | MRT-1510 |
| Vantage Orian | MRT-1550 |
| Vantage Elan | MRT-2020 |
| Vantage Titan 3T | MRT-3010 |
| Vantage Galan 3T | MRT-3020 |
| Vantage Centurian | MRT-3020 |
4. Canon Medical Systems’ response to the vulnerability issue that affects BlackBerry QNX versions 6.5 SP1 and earlier.
In all of the systems listed in Section 3, QNX is only used for internal units and is not connected to an external network. Therefore, we have confirmed that there are no risks associated with this vulnerability that affect Canon Medical Systems Products.
For any inquiries from customers regarding this matter, such as information about which systems are affected, please contact your nearest branch office or sales office. For the contact information of the branch offices and sales offices in each region, please refer to the “Global Network (Countries and Regions)” page below. https://global.medical.canon/about/global/
Due to medical device regulatory reasons, not all products/service displayed on this Canon Medical Systems global webpage are available in all countries, regions or markets. Future availability of the products/service cannot also be guaranteed. Please contact your local Canon Medical Systems representative for further details.
