Skip to content
Recall Observatory FDA recall evidence

Device product

iDesign, Model - G300: System AWS (International), System AWS (China), Advanced WaveScan Studio (United States); iDesign Refractive Studio Aberrometer (International) and (United States), Model: G301

Z-0443-2022

October 21, 2021

Class II

Product summary

Firm
AMO Manufacturing USA, LLC
Event
Event 88986
Status
Ongoing
Classification
Class II
Quantity
711
Official record key
device-enforcement:Z-0443-2022

Official wording

Reason: Aberrometer and precision laser systems are affected by a remote code execution vulnerability existing when the Microsoft Windows Print Spooler service is enabled, and improperly performs privileged file operations. This could be exploited to run arbitrary code with SYSTEM privileges, allowing for program installation; view/change/deleting data; or creation of new accounts with full user rights.

Code information: G300 with Windows XP. G301 with Windows 7 Embedded System.

Distribution pattern: US: CA, TX, FL, LA, MD, IA, MA, VA, SD, MN, MO, NC, TN, SC, WA, NV, OH, KY, IN, CO, NJ, OK, NH, UT, AR, NY, AK, ND, NE, IL, AL, HI, CT, DE, KS, GA, OR, MS, PA, MT, ME, MI, AZ, ID, WI, VT, NM, CA. OUS: Canada, Mexico, Russian Federation, Turkey, Brazil, Egypt, Iraq, Saudi Arabia, Jordan, Norway, Colombia, Germany, Malaysia, India, Oman, Azerbaijan, Canada, Slovakia, Lebanon, Spain, Ireland, Italy, South Korea, Bangladesh, Chile, Taiwan, Tunisia, Kazakhstan, Libya, Argentina, Singapore, Austria, Australia, Vietnam, Greece, Poland, Indonesia, Yemen, Great Britain, South Africa, Croatia, France, Czech Republic, Algeria, Thailand, Bulgaria, United Arab Emirates, Belgium, Japan, China, Nepal, Israel, Switzerland, Dominican Republic, Hong Kong, Portugal, Ecuador, Kuwait, Netherlands, Slovenia, Philippines

Derived failure modes

  • Unknown

    reason.no_named_rule · v1.0.0

    Aberrometer and precision laser systems are affected by a remote code execution vulnerability existing when the Microsoft Windows Print Spooler service is enabled, and improperly performs privileged file operations. This could be exploited to run arbitrary code with SYSTEM privileges, allowing for program installation; view/change/deleting data; or creation of new accounts with full user rights.