CVE-2021-27410
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00).
SSVC
- Decision: -
Timeline
- 2021-02-19 CVE Reserved
- 2021-06-11 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
References (1)
URL | Tag | Source |
---|---|---|
https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01 | Mitigation |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Hillrom | Connex Central Station | < 1.8.6 | - | Affected |
Hillrom | Connex Device Integration Suite Network Connectivity Engine | < 5.3 | - | Affected |
Hillrom | Connex Integrated Wall System | < 2.43.02 | - | Affected |
Hillrom | Connex Spot Monitor | < 1.52 | - | Affected |
Hillrom | Connex Vital Signs Monitor | < 2.43.02 | - | Affected |
Hillrom | Service Monitor | < 1.7.0.0 | - | Affected |
Hillrom | Service Tool | < 1.10 | - | Affected |
Hillrom | Software Development Kit | < 3.2 | - | Affected |
Hillrom | Spot Vital Signs 4400 | < 1.11.00 | - | Affected |
Hillrom | Spot Vital Signs 4400 | < 1.11.00 | extended_care | Affected |