#VU58818 Authentication bypass using an alternate path or channel in Hill-Rom Services Hardware solutions


Published: 2021-12-10

Vulnerability identifier: #VU58818

Vulnerability risk: High

CVSSv3.1: 7.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C]

CVE-ID: CVE-2021-43935

CWE-ID: CWE-288

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Welch Allyn Q-Stress Cardiac Stress Testing System
Hardware solutions / Medical equipment
Welch Allyn X-Scribe Cardiac Stress Testing System
Hardware solutions / Medical equipment
Welch Allyn Diagnostic Cardiology Suite
Hardware solutions / Medical equipment
Welch Allyn Vision Express
Hardware solutions / Medical equipment
Welch Allyn H-Scribe Holter Analysis System
Hardware solutions / Medical equipment
Welch Allyn R-Scribe Resting ECG System
Hardware solutions / Medical equipment
Welch Allyn Connex Cardio
Hardware solutions / Medical equipment

Vendor: Hill-Rom Services

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to an improper authentication. A remote attacker can gain access to the application as the supplied AD account, with all associated privileges. 

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Welch Allyn Q-Stress Cardiac Stress Testing System: 6.0.0 - 6.3.1

Welch Allyn X-Scribe Cardiac Stress Testing System: 5.01 - 6.3.1

Welch Allyn Diagnostic Cardiology Suite: 2.1.0

Welch Allyn Vision Express: 6.1.0 - 6.4.0

Welch Allyn H-Scribe Holter Analysis System: 5.01 - 6.4.0

Welch Allyn R-Scribe Resting ECG System: 5.01 - 7.0.0

Welch Allyn Connex Cardio: 1.0.0 - 1.1.1


External links
http://ics-cert.us-cert.gov/advisories/icsma-21-343-01


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability