Lucene search

[email protected]CVE-2021-27410

HistoryJun 11, 2021 - 5:15 p.m.

CVE-2021-27410

2021-06-1117:15:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2021-27410

vulnerability

out-of-bounds write

data corruption

code execution

security

welch allyn

medical device management

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.3%

JSON

The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00).

CPENameOperatorVersion
hillrom:spot_vital_signs_4400hillrom spot vital signs 4400lt1.11.00
hillrom:connex_central_stationhillrom connex central stationlt1.8.6
hillrom:connex_device_integration_suite_network_connectivity_enginehillrom connex device integration suite network connectivity enginelt5.3
hillrom:connex_integrated_wall_systemhillrom connex integrated wall systemlt2.43.02
hillrom:connex_spot_monitorhillrom connex spot monitorlt1.52
hillrom:connex_vital_signs_monitorhillrom connex vital signs monitorlt2.43.02
hillrom:service_monitorhillrom service monitorlt1.7.0.0
hillrom:service_toolhillrom service toollt1.10
hillrom:software_development_kithillrom software development kitlt3.2

CPE	Name	Operator	Version
hillrom:spot_vital_signs_4400	hillrom spot vital signs 4400	lt	1.11.00
hillrom:connex_central_station	hillrom connex central station	lt	1.8.6
hillrom:connex_device_integration_suite_network_connectivity_engine	hillrom connex device integration suite network connectivity engine	lt	5.3
hillrom:connex_integrated_wall_system	hillrom connex integrated wall system	lt	2.43.02
hillrom:connex_spot_monitor	hillrom connex spot monitor	lt	1.52
hillrom:connex_vital_signs_monitor	hillrom connex vital signs monitor	lt	2.43.02
hillrom:service_monitor	hillrom service monitor	lt	1.7.0.0
hillrom:service_tool	hillrom service tool	lt	1.10
hillrom:software_development_kit	hillrom software development kit	lt	3.2

References

us-cert.cisa.gov/ics/advisories/icsma-21-152-01

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for CVE-2021-27410

prion1 ics1 trellix2