NVD:CVE-2021-27408
History: Jun 11, 2021 - 5:15 p.m.

CVE-2021-27408

2021-06-11 17:15:10
CWE-125
web.nvd.nist.gov
information leakage
arbitrary code execution
out-of-bounds read
cve-2021-27408
vulnerable product
welch allyn service tool
connex device integration suite
software development kit
connex central station
service monitor
connex vital signs monitor
connex integrated wall system
connex spot monitor
spot vital signs 4400 device

CVSS2

Base score: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

Base score: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

Score: 0.002
Percentile: 57.2%

The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained with the out-of-bounds write vulnerability. The issue affects the following Welch Allyn medical device management tools:

Welch Allyn Service Tool: versions prior to v1.10
Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3
Welch Allyn Software Development Kit (SDK): versions prior to v3.2
Welch Allyn Connex Central Station (CS): versions prior to v1.8.6
Welch Allyn Service Monitor: versions prior to v1.7.0.0
Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02
Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02
Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52
Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00

Affected configurations

Nvd
Node
hillrom connex_central_station Range <1.8.6
OR
hillrom connex_device_integration_suite_network_connectivity_engine Range <1.8.6 is not used here; Range <5.3
OR
hillrom connex_integrated_wall_system Range <2.43.02
OR
hillrom connex_spot_monitor Range <1.52
OR
hillrom connex_vital_signs_monitor Range <2.43.02
OR
hillrom service_monitor Range <1.7.0.0
OR
hillrom service_tool Range <1.10
OR
hillrom software_development_kit Range <3.2
OR
hillrom spot_vital_signs_4400 Range <1.11.00 -
OR
hillrom spot_vital_signs_4400 Range <1.11.00 extended_care

| Vendor | Product | Version | CPE |
|---|---|---|---|
| hillrom | connex_central_station | * | cpe:2.3:a:hillrom:connex_central_station:*:*:*:*:*:*:*:* |
| hillrom | connex_device_integration_suite_network_connectivity_engine | * | cpe:2.3:a:hillrom:connex_device_integration_suite_network_connectivity_engine:*:*:*:*:*:*:*:* |
| hillrom | connex_integrated_wall_system | * | cpe:2.3:a:hillrom:connex_integrated_wall_system:*:*:*:*:*:*:*:* |
| hillrom | connex_spot_monitor | * | cpe:2.3:a:hillrom:connex_spot_monitor:*:*:*:*:*:*:*:* |
| hillrom | connex_vital_signs_monitor | * | cpe:2.3:a:hillrom:connex_vital_signs_monitor:*:*:*:*:*:*:*:* |
| hillrom | service_monitor | * | cpe:2.3:a:hillrom:service_monitor:*:*:*:*:*:*:*:* |
| hillrom | service_tool | * | cpe:2.3:a:hillrom:service_tool:*:*:*:*:*:*:*:* |
| hillrom | software_development_kit | * | cpe:2.3:a:hillrom:software_development_kit:*:*:*:*:*:*:*:* |
| hillrom | spot_vital_signs_4400 | * | cpe:2.3:a:hillrom:spot_vital_signs_4400:*:*:*:*:-:*:*:* |
| hillrom | spot_vital_signs_4400 | * | cpe:2.3:a:hillrom:spot_vital_signs_4400:*:*:*:*:extended_care:*:*:* |
