#VU64470 Use of Hard-coded Password in Hill-Rom Services products - CVE-2022-26388
Published: June 17, 2022
Vulnerability identifier: #VU64470
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-26388
CWE-ID: CWE-259
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Welch Allyn ELI 380 Resting Electrocardiograph
Welch Allyn ELI 280 Resting Electrocardiograph
Welch Allyn ELI BUR280 Resting Electrocardiograph
Welch Allyn ELI MLBUR 280 Resting Electrocardiograph
Welch Allyn ELI 250c Resting Electrocardiograph
Welch Allyn ELI BUR 250c Resting Electrocardiograph
Welch Allyn ELI 150c Resting Electrocardiograph
Welch Allyn ELI BUR 150c Resting Electrocardiograph
Welch Allyn ELI MLBUR 150c Resting Electrocardiograph
Welch Allyn ELI 380 Resting Electrocardiograph
Welch Allyn ELI 280 Resting Electrocardiograph
Welch Allyn ELI BUR280 Resting Electrocardiograph
Welch Allyn ELI MLBUR 280 Resting Electrocardiograph
Welch Allyn ELI 250c Resting Electrocardiograph
Welch Allyn ELI BUR 250c Resting Electrocardiograph
Welch Allyn ELI 150c Resting Electrocardiograph
Welch Allyn ELI BUR 150c Resting Electrocardiograph
Welch Allyn ELI MLBUR 150c Resting Electrocardiograph
Software vendor:
Hill-Rom Services
Hill-Rom Services
Description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to the software contains a hard-coded password. An attacker with physical access can cause privileged operation execution.
Remediation
Install updates from vendor's website.