// For flags

CVE-2021-27410

 

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00).

El producto afectado es vulnerable a una escritura fuera de límites, lo que puede resultar en una corrupción de datos o una ejecución de código de Welch Allyn medical device management tools (Welch Allyn Service Tool: versiones anteriores a v1.10, Welch Allyn Connex Device Integration Suite - Network Connectivity Engine (NCE): versiones anteriores a v5.3, Welch Allyn Software Development Kit (SDK): versiones anteriores a v3.2, Welch Allyn Connex Central Station (CS): versiones anteriores a v1. 8.6, Welch Allyn Service Monitor: versiones anteriores a v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versiones anteriores a v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versiones anteriores a v2. 43.02, Welch Allyn Connex Spot Monitor (CSM): versiones anteriores a v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versiones anteriores a v1.11.00)

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-02-19 CVE Reserved
  • 2021-06-11 CVE Published
  • 2024-08-03 CVE Updated
  • 2024-10-14 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
References (1)
URL Tag Source
https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01 Mitigation
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Hillrom
Search vendor "Hillrom"
 Connex Central Station
Search vendor "Hillrom" for product "Connex Central Station"
 < 1.8.6
Search vendor "Hillrom" for product "Connex Central Station" and version " < 1.8.6"
-
Affected
Hillrom
Search vendor "Hillrom"
 Connex Device Integration Suite Network Connectivity Engine
Search vendor "Hillrom" for product "Connex Device Integration Suite Network Connectivity Engine"
 < 5.3
Search vendor "Hillrom" for product "Connex Device Integration Suite Network Connectivity Engine" and version " < 5.3"
-
Affected
Hillrom
Search vendor "Hillrom"
 Connex Integrated Wall System
Search vendor "Hillrom" for product "Connex Integrated Wall System"
 < 2.43.02
Search vendor "Hillrom" for product "Connex Integrated Wall System" and version " < 2.43.02"
-
Affected
Hillrom
Search vendor "Hillrom"
 Connex Spot Monitor
Search vendor "Hillrom" for product "Connex Spot Monitor"
 < 1.52
Search vendor "Hillrom" for product "Connex Spot Monitor" and version " < 1.52"
-
Affected
Hillrom
Search vendor "Hillrom"
 Connex Vital Signs Monitor
Search vendor "Hillrom" for product "Connex Vital Signs Monitor"
 < 2.43.02
Search vendor "Hillrom" for product "Connex Vital Signs Monitor" and version " < 2.43.02"
-
Affected
Hillrom
Search vendor "Hillrom"
 Service Monitor
Search vendor "Hillrom" for product "Service Monitor"
 < 1.7.0.0
Search vendor "Hillrom" for product "Service Monitor" and version " < 1.7.0.0"
-
Affected
Hillrom
Search vendor "Hillrom"
 Service Tool
Search vendor "Hillrom" for product "Service Tool"
 < 1.10
Search vendor "Hillrom" for product "Service Tool" and version " < 1.10"
-
Affected
Hillrom
Search vendor "Hillrom"
 Software Development Kit
Search vendor "Hillrom" for product "Software Development Kit"
 < 3.2
Search vendor "Hillrom" for product "Software Development Kit" and version " < 3.2"
-
Affected
Hillrom
Search vendor "Hillrom"
 Spot Vital Signs 4400
Search vendor "Hillrom" for product "Spot Vital Signs 4400"
 < 1.11.00
Search vendor "Hillrom" for product "Spot Vital Signs 4400" and version " < 1.11.00"
-
Affected
Hillrom
Search vendor "Hillrom"
 Spot Vital Signs 4400
Search vendor "Hillrom" for product "Spot Vital Signs 4400"
 < 1.11.00
Search vendor "Hillrom" for product "Spot Vital Signs 4400" and version " < 1.11.00"
extended_care
Affected