Security researchers have found a vulnerability in a networking protocol used in popular hospital anesthesia and respiratory machines, which they say if exploited could be used to maliciously tamper with the devices.

Researchers at healthcare security firm CyberMDX said that the protocol used in the GE Aestiva and GE Aespire devices can be used to send commands if they are connected to a terminal server on the hospital network. Those commands can silence alarms, alter records — and can be abused to change the composition of aspirated gases used in both the respirator and the anesthesia devices, the researchers say.

Homeland Security released an advisory on Tuesday, saying the flaws required “low skill level” to exploit.

“The devices use a proprietary protocol,” said Elad Luz, CyberMDX’s head of research. “It’s pretty straightforward to figure out the commands.”

One of those commands forces the device to use an older version of the protocol — which is still present in the devices to ensure backwards compatibility, said Luz. Worse, none of the commands requires any authentication, he said.

“On every version, you can first send a command to request to change the protocol version to the earliest one, and then send a request to change gas composition,” he said.

“As long as the device is ported to the network through a terminal server, anyone familiar with the communication protocol can force a revert and send a variety of illegitimate commands to the machine,” he said.

In other words, the devices are far safer if they’re not connected to the network.

CyberMDX disclosed the vulnerabilities to GE in late October 2018. GE said versions 7100 and 7900 of the Aestiva and Aespire models are affected. Both models are deployed in hospitals and medical facilities across the U.S.

GE spokesperson Amy Sarosiek initially told TechCrunch: “After a formal risk investigation, we have determined that this potential implementation scenario does not introduce clinical hazard or direct patient risk, and there is no vulnerability with the anesthesia device itself.”

GE said it based its assessment of no risk to patient care on international healthcare safety standards and testing maximum variation in parameter modification from the disclosed concern. “Our assessment does not lead us to believe there are patient safety issues,” the spokesperson said.

But that didn’t hold up for long.

However, a week later the company updated its public guidance to warn that there could cause harm to patients.

“Over-delivery of tidal volume could in rare cases theoretically lead to an increased risk of lung injury,” said the updated guidance. “In addition, under-delivery could theoretically occur and cause too little total volume of gas to be delivered. If this were to occur without normal clinical intervention, there could theoretically be compromise of patient oxygenation or ventilation.”

When reached to ask about the change in position, spokesperson Sarosiek said its updated guidance “remains extremely improbable” and was added out of “an abundance of caution.”

The company declined to say how many devices are affected but that the ability to modify gas composition is no longer available on systems sold after 2009.

It’s the second set of vulnerabilities in as many months released by CyberMDX. In June the research firm found vulnerabilities in a widely used medical infusion pump.

Updated with additional details about the flaws following new guidance from GE.