Out-of-bounds read in Hill-Rom Services products - CVE-2021-27408

 

Out-of-bounds read in Hill-Rom Services products - CVE-2021-27408

Published: June 2, 2021


Vulnerability identifier: #VU53731
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-27408
CWE-ID: CWE-125
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Hill-Rom Services
Affected software:
Welch Allyn Service Tool
Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE)
Welch Allyn Software Development Kit (SDK)
Welch Allyn Connex Central Station (CS)
Welch Allyn Service Monitor
Welch Allyn Connex Vital Signs Monitor (CVSM)
Welch Allyn Connex Integrated Wall System (CIWS)
Welch Allyn Connex Spot Monitor (CSM)
Welch Allyn Spot Vital Signs 4400 Device (Spot 4400)
Welch Allyn Spot 4400 Vital Signs Extended Care Device

Detailed vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote authenticated attacker on the local network can trigger out-of-bounds read error and read contents of memory on the system.


How to mitigate CVE-2021-27408

Install updates from vendor's website.

Sources