Use of Hard-coded Password in Hill-Rom Services products - CVE-2022-26388

 

Use of Hard-coded Password in Hill-Rom Services products - CVE-2022-26388

Published: June 17, 2022


Vulnerability identifier: #VU64470
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-26388
CWE-ID: CWE-259
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Hill-Rom Services
Affected software:
Welch Allyn ELI 380 Resting Electrocardiograph
Welch Allyn ELI 280 Resting Electrocardiograph
Welch Allyn ELI BUR280 Resting Electrocardiograph
Welch Allyn ELI MLBUR 280 Resting Electrocardiograph
Welch Allyn ELI 250c Resting Electrocardiograph
Welch Allyn ELI BUR 250c Resting Electrocardiograph
Welch Allyn ELI 150c Resting Electrocardiograph
Welch Allyn ELI BUR 150c Resting Electrocardiograph
Welch Allyn ELI MLBUR 150c Resting Electrocardiograph

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system. 

The vulnerability exists due to the software contains a hard-coded password. An attacker with physical access can cause privileged operation execution.


How to mitigate CVE-2022-26388

Install updates from vendor's website.

Sources