#VU64472 Improper access control in Hill-Rom Services products - CVE-2022-26389
Published: June 17, 2022
Vulnerability identifier: #VU64472
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2022-26389
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Welch Allyn ELI 380 Resting Electrocardiograph
Welch Allyn ELI 280 Resting Electrocardiograph
Welch Allyn ELI BUR280 Resting Electrocardiograph
Welch Allyn ELI MLBUR 280 Resting Electrocardiograph
Welch Allyn ELI 250c Resting Electrocardiograph
Welch Allyn ELI BUR 250c Resting Electrocardiograph
Welch Allyn ELI 150c Resting Electrocardiograph
Welch Allyn ELI BUR 150c Resting Electrocardiograph
Welch Allyn ELI MLBUR 150c Resting Electrocardiograph
Welch Allyn ELI 380 Resting Electrocardiograph
Welch Allyn ELI 280 Resting Electrocardiograph
Welch Allyn ELI BUR280 Resting Electrocardiograph
Welch Allyn ELI MLBUR 280 Resting Electrocardiograph
Welch Allyn ELI 250c Resting Electrocardiograph
Welch Allyn ELI BUR 250c Resting Electrocardiograph
Welch Allyn ELI 150c Resting Electrocardiograph
Welch Allyn ELI BUR 150c Resting Electrocardiograph
Welch Allyn ELI MLBUR 150c Resting Electrocardiograph
Software vendor:
Hill-Rom Services
Hill-Rom Services
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the affected software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
Remediation
Install updates from vendor's website.