According to the German Federal Institute for Drugs and Medical Devices (BfArM), Wind River’s real-time operating system VxWorks is used in many medical devices, therefore do critical vulnerabilities in the operating system have consequences for these medical devices. Affected versions are:
- VxWorks 6.5 to 6.9 (End-of-Life)
- VxWorks 7 (SR540 and SR610)
- VxWorks 653 MCE 3.x (may be affected)
Medical device manufacturers using this operating system must implement risk mitigation measures based on their updated risk analysis in light of this vulnerability.
If these measures correspond to the definition of a recall in accordance with § 2 No. 3 MPSV (a measure to eliminate, reduce or prevent the recurrence of a risk arising from a medical device, which initiates the return, replacement, retrofitting, disposal or destruction of a medical device or provides users, operators or patients with information on the further safe use or operation of medical devices), the measure must be reported to BfArM on the notification form for Field Safety Corrective Actions issued by BfArM.