#VU53731 Out-of-bounds read in Hill-Rom Services products - CVE-2021-27408

 


Published: June 2, 2021


Vulnerability identifier: #VU53731
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-27408
CWE-ID: CWE-125
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
Welch Allyn Service Tool
Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE)
Welch Allyn Software Development Kit (SDK)
Welch Allyn Connex Central Station (CS)
Welch Allyn Service Monitor
Welch Allyn Connex Vital Signs Monitor (CVSM)
Welch Allyn Connex Integrated Wall System (CIWS)
Welch Allyn Connex Spot Monitor (CSM)
Welch Allyn Spot Vital Signs 4400 Device (Spot 4400)
Welch Allyn Spot 4400 Vital Signs Extended Care Device
Software vendor:
Hill-Rom Services

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A remote authenticated attacker on the local network can trigger an out-of-bounds read error and read the contents of memory on the system.


Remediation

Install updates from the vendor's website.

External links