The BfArM points out the critical vulnerabilties in the real-time operating system VxWorks of the company Wind River.

Affected versions of VxWorks are:
VxWorks 6.5 to 6.9 (End-of-Life)
VxWorks 7 (SR540 and SR610)
VxWorks 653 MCE 3.x (may be affected)

The real-time operating system VxWorks is used in many medical devices, therefore do critical vulnerabilities in the operating system have consequences for these medical devices.

Medical device manufacturers using this operating system must implement risk mitigation measures based on their updated risk analysis in light of this vulnerability.

If these measures correspond to the definition of a recall in accordance with § 2 No. 3 MPSV (a measure to eliminate, reduce or prevent the recurrence of a risk arising from a medical device, which initiates the return, replacement, retrofitting, disposal or destruction of a medical device or provides users, operators or patients with information on the further safe use or operation of medical devices), the measure must be reported to BfArM on the notification form for Field Safety Corrective Actions published by BfArM

In case of questions please contact:

Federal Institute for Drugs and Medical Devices
Medical Devices Division
Kurt-Georg-Kiesinger-Allee 3
53175 Bonn

Telephone: +49 (0)228 99 307-5384 (active medical devices and in vitro diagnostics)
Facsimile: +49 (0)228 99 307-5300
E-Mail: md-vigilance@bfarm.de