CVE-2021-43935

🗓️ 15 Dec 2021 18:05:16Reported by icscertType

The product configured with SSO is vulnerable to improper authentication

Reporter	Title	Published	Views	Family All 7
CNNVD	Hillrom Welch Allyn CardioProducts 授权问题漏洞	9 Dec 202100:00	–	cnnvd
Cvelist	CVE-2021-43935 ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products	15 Dec 202118:05	–	cvelist
EUVD	EUVD-2021-30797	3 Oct 202520:07	–	euvd
ICS	Hillrom Welch Allyn Cardio Products	9 Dec 202100:00	–	ics
NVD	CVE-2021-43935	15 Dec 202119:15	–	nvd
OSV	CVE-2021-43935	15 Dec 202119:15	–	osv
Prion	Authentication flaw	15 Dec 202119:15	–	prion

NVD

Vulners

Node

baxter welch_allyn_connex_cardioRange1.0.0–1.1.1

baxter welch_allyn_diagnostic_cardiology_suiteMatch2.1.0

baxter welch_allyn_rscribe_resting_ecg_systemRange5.01–7.0.0

baxter welch_allyn_vision_express_holter_analysis_systemRange6.1.0–6.4.0

Node

baxter welch_allyn_hscribe_holter_analysis_system_firmwareRange5.01–6.4.0

AND

baxter welch_allyn_hscribe_holter_analysis_systemMatch-

Node

baxter welch_allyn_q-stress_cardiac_stress_testing_system_firmwareRange6.0.0–6.3.1

AND

baxter welch_allyn_q-stress_cardiac_stress_testing_systemMatch-

Node

baxter welch_allyn_xscribe_cardiac_stress_testing_system_firmwareRange5.01–6.3.1

AND

baxter welch_allyn_xscribe_cardiac_stress_testing_systemMatch-

[
  {
    "product": "Welch Allyn Q-Stress Cardiac Stress Testing System",
    "vendor": "Hillrom",
    "versions": [
      {
        "lessThanOrEqual": "6.3.1",
        "status": "affected",
        "version": "6.0.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Welch Allyn X-Scribe Cardiac Stress Testing System",
    "vendor": "Hillrom",
    "versions": [
      {
        "lessThanOrEqual": "6.3.1",
        "status": "affected",
        "version": "5.01",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Welch Allyn Diagnostic Cardiology Suite",
    "vendor": "Hillrom",
    "versions": [
      {
        "status": "affected",
        "version": "2.1.0"
      }
    ]
  },
  {
    "product": "Welch Allyn Vision Express",
    "vendor": "Hillrom",
    "versions": [
      {
        "lessThanOrEqual": "6.4.0",
        "status": "affected",
        "version": "6.1.0",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Welch Allyn H-Scribe Holter Analysis System",
    "vendor": "Hillrom",
    "versions": [
      {
        "lessThanOrEqual": "6.4.0",
        "status": "affected",
        "version": "5.01",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Welch Allyn R-Scribe Resting ECG System",
    "vendor": "Hillrom",
    "versions": [
      {
        "lessThanOrEqual": "7.0.0",
        "status": "affected",
        "version": "5.01",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "Welch Allyn Connex Cardio",
    "vendor": "Hillrom",
    "versions": [
      {
        "lessThanOrEqual": "1.1.1",
        "status": "affected",
        "version": "1.0.0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cisa	www.cisa.gov/uscert/ics/advisories/icsma-21-343-01

21 Nov 2024 06:30Current

9High risk

Vulners AI Score9

CVSS 26.8

CVSS 3.18.1 - 9.8

EPSS0.00197