Skip to main content

Real-World Vulnerability Lessons

Use these case studies to translate real product vulnerabilities into secure-by-design checks, evidence expectations, and implementation priorities.

The point is not to collect vulnerability news. The point is to recognise failure patterns that can appear in connected products: shared credentials, weak firmware integrity, exposed service interfaces, hidden functionality, unsafe update behaviour, insufficient logging, and unclear customer communication.

Use this hub when you want to choose a case by failure pattern, control area, or evidence lesson.

Choose A Failure Pattern

Failure patternStart withWhat to look for
Shared or default cryptographic keysBaxter Connex Spot Monitor shared keyWhether each device, deployment, or customer has unique credential material and auditable provisioning evidence.
Hidden functionality or undocumented data flowsContec Patient Monitor backdoorWhether update behaviour, data destinations, service functions, and remote paths are documented and reviewable.
Local access, kiosk escape, and service interfacesGE Vivid Ultrasound local accessWhether physical access, service tooling, local apps, USB, and maintenance modes are in the threat model.
Service credential exposure in an ecosystemGE Centricity Viewer credential flawWhether service credentials, customer identity integration, rotation, and audit logging are controlled across the product ecosystem.
Layered firmware, debug, credential, and logging failuresBaxter Life2000 ventilator tamperingWhether debug lockdown, firmware integrity, authentication, logging, update, and recovery evidence work together.

Choose By Control Area

Control areaUseful casesRelated handbook pages
Threat modeling and product boundaryContec, GE Vivid, GE Centricity, Baxter Life2000Threat Modeling, Types of Embedded Device
Device identity, credentials, and key managementBaxter Connex, GE Centricity, GE Vivid, Baxter Life2000Unique Device Identity, Key Provisioning & Storage
Firmware integrity and update safetyContec, Baxter Connex, Baxter Life2000Secure Boot, Secure OTA Updates
Secure configuration and local accessGE Vivid, GE Centricity, Baxter Life2000Secure Configuration & Hardening
Vulnerability handling and customer communicationContec, Baxter Connex, GE Centricity, Baxter Life2000Vulnerability Disclosure, Patch Cadence & Rollback Strategy
Logging, audit, and incident evidenceGE Centricity, GE Vivid, Baxter Life2000Security Logging & Monitoring, Secure-by-Design Evidence Pack

Evidence Lessons

Across the case studies, the evidence pattern is consistent. Product teams should be able to retain and explain:

  • threat models covering realistic physical, local, service, network, cloud, and support scenarios;
  • architecture and data-flow diagrams showing where sensitive data, commands, updates, and service paths go;
  • credential and key-management records showing uniqueness, protection, rotation, revocation, and provisioning;
  • secure boot, update verification, rollback, recovery, and production configuration evidence;
  • secure configuration and debug-interface lockdown records;
  • SBOM, vulnerability status, affected-version analysis, patch, advisory, and customer communication records;
  • logging and audit evidence that supports triage, investigation, and support.

Use the Secure-by-Design Evidence Pack to retain these records and the CRA Readiness Gap Analysis to turn missing evidence into actions.

Product-Team Check

After reading a case study, ask:

  • Could the same failure pattern exist in our product, service, mobile app, update path, support workflow, or manufacturing flow?
  • Would our threat model include this scenario?
  • Which secure-by-design control would prevent, detect, or limit the issue?
  • Could we identify affected products, versions, customers, and support status quickly?
  • Would our evidence pack show the design decision, test result, exception, update, advisory, or customer communication?

If you need to: