Hillrom Medical Device Management Tools Vulnerabilities

Two out-of-bounds read and write issues are causing vulnerabilities in the Hillrom medical device management tools, which are Welch Allyn products.


Affected platforms

The following platforms are known to be affected:

  • Welch Allyn Service Tool: versions prior to v1.10
  • Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3
  • Welch Allyn Software Development Kit (SDK): versions prior to v3.2
  • Welch Allyn Connex Central Station (CS): versions prior to v1.8.4 Service Pack 01
  • Welch Allyn Service Monitor: versions prior to v1.7.0.0
  • Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02
  • Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02
  • Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52
  • Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00

Threat details

Introduction

Hillrom has announced two vulnerabilities in its medical device management tools that are affecting products in the Welch Allyn Patient Monitoring portfolio. An attacker could exploit these vulnerabilities to cause memory corruption, execute arbitrary code, and take control of an affected system.


Vulnerability details

Two out-of-bounds read/write issues are causing vulnerabilities in the Hillrom medical device management tools.

  • CVE-2021-27408 – The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability. 
  • CVE-2021-27410 – The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution. 

Threat updates

  • 23 Nov 2022 – Hillrom Medical Device Management (Update C)

    CISA and Hillrom have released an update to reflect an alteration to the remediation for the Welch Allyn Connex Central Station.

  • 21 Sep 2022 – Hillrom Medical Device Management (Update B)

    CISA and Hillrom have released an update to reflect a change in the CVSSv3 score to 5.9, a change to the affected products (Welch Allyn Connex Central Station), and the corresponding alteration to the remediation.

  • 29 Dec 2021 – Hillrom Medical Device Management (Update A)

    Hillrom has released Update A which gives details of release dates for security updates to affected products. The updated releases are listed in the 'Remediation advice' section below.


Remediation advice

Administrators and users are encouraged to contact their Welch Allyn suppliers and apply any updates. Affected organisations should review the Hillrom Responsible Disclosures for more information.

Hillrom has announced software updates that will mitigate the vulnerabilities as follows:

  • Welch Allyn Service Tool: v1.10
  • Welch Allyn Software Development Kit (SDK): v3.2
  • Welch Allyn Connex Central Station (CS): v1.8.4 Service Pack 01 (released November 2022)
  • Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): v5.3 (released September 2021)
  • Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: v1.11.00 (released October 2021)
  • Welch Allyn Service Monitor: v1.7.0.0
  • Welch Allyn Connex Vital Signs Monitor (CVSM): v2.43.02
  • Welch Allyn Connex Integrated Wall System (CIWS): v2.43.02
  • Welch Allyn Connex Spot Monitor (CSM): v1.52

Last edited: 23 November 2022 11:56 am