Two versions of GE Healthcare’s GE Aestiva and Aespire anesthesia machines have security holes that could be taken advantage of by cyber attackers, the Department of Homeland Security warned.

The cybersecurity holes — which are present in versions 7100 and 7900 of the products — can be exploited remotely through an unsecured terminal server even by users with low skill levels, the agency said.

Attackers taking advantage of the vulnerability could remotely modify the anesthesia devices’ parameters and turn off the machines’ alarms.