#VU53730 Out-of-bounds write in Hill-Rom Services products - CVE-2021-27410
Published: June 2, 2021
Vulnerability identifier: #VU53730
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-27410
CWE-ID: CWE-787
Exploitation vector: Adjacent network
Exploit availability:
No public exploit available
Vulnerable software:
Welch Allyn Service Tool
Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE)
Welch Allyn Software Development Kit (SDK)
Welch Allyn Connex Central Station (CS)
Welch Allyn Service Monitor
Welch Allyn Connex Vital Signs Monitor (CVSM)
Welch Allyn Connex Integrated Wall System (CIWS)
Welch Allyn Connex Spot Monitor (CSM)
Welch Allyn Spot Vital Signs 4400 Device (Spot 4400)
Welch Allyn Spot 4400 Vital Signs Extended Care Device
Software vendor:
Hill-Rom Services
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote authenticated attacker on the local network can trigger an out-of-bounds write and execute arbitrary code on the target system.
Remediation
Install updates from the vendor's website.