ICSMA-21-343-01
·
Published 2021-12-09
·
View on CISA ICS-CERT ↗
Hillrom Welch Allyn Cardio Products
CVSS 8.1
HIGH
Risk Summary
Successful exploitation of this vulnerability could allow an attacker to access privileged accounts.
CVEs (1)
Remediations
- Hillrom plans to release software updates to address this vulnerability in their next software release. In the interim, Hillrom recommends the following workaround and mitigation to reduce the risk:
- Hillrom recommends users upgrade to the latest product versions when updated products are available. Information on how to update these products to their new versions can be found on the Hillrom disclosure page.
- Hillrom recommends the following additional workarounds to help reduce risk:
Affected Vendors
Hillrom
Affected Products (7)
Hillrom
·
Welch Allyn Connex Cardio
>= 1.0.0 | <= 1.1.1
Hillrom
·
Welch Allyn Q-Stress Cardiac Stress Testing System
>= 6.0.0 | <= 6.3.1
Hillrom
·
Welch Allyn X-Scribe Cardiac Stress Testing System
>= 5.01 | <= 6.3.1
Hillrom
·
Welch Allyn R-Scribe Resting ECG System
>= 5.01 | <= 7.0.0
Hillrom
·
Welch Allyn H-Scribe Holter Analysis System
>= 5.01 | <= 6.4.0
Hillrom
·
Welch Allyn Diagnostic Cardiology Suite
2.1.0
Hillrom
·
Welch Allyn Vision Express
>= 6.1.0 | <= 6.4.0
Affected Sectors
Healthcare and Public Health
Get alerted to advisories like this
OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.
Start free trial Learn more