ICSMA-21-161-01 · Published 2021-06-10 · View on CISA ICS-CERT ↗

ZOLL Defibrillator Dashboard

CVSS 9.9 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities could allow remote code execution, allow an attacker to gain access to credentials, or impact confidentiality, integrity, and availability of the application.

CVEs (6)

CVE-2021-27489 CVE-2021-27481 CVE-2021-27487 CVE-2021-27479 CVE-2021-27485 CVE-2021-27483

Remediations

ZOLL recommends users of affected versions mitigate these vulnerabilities by upgrading to the latest version of Defibrillator Dashboard Version 2.2 or later. For upgrade assistance or questions, please contact ZOLL Data Products Technical Support by phone at 800-348-9011 option one, or via email at [email protected]
ZOLL recommends users of affected versions keep in mind data on the defibrillator device should be considered the source of accurate data, should there be any discrepancy with the Defibrillator Dashboard. Users should perform frequent local checks to confirm readiness of the devices as per manuals.
ZOLL recommends users disable the password autocomplete function on browsers accessing the Defibrillator Dashboard.

Affected Vendors

ZOLL

Affected Products (1)

ZOLL · Defibrillator Dashboard < 2.2

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more