ICSMA-22-167-01 · Published 2022-06-16 · View on CISA ICS-CERT ↗

Hillrom Medical Device Management

CVSS 7.7 HIGH

Risk Summary

Successful exploitation of these vulnerabilities could allow an attacker to compromise software security by executing commands, gaining privileges, reading sensitive information, evading detection, etc.

CVEs (2)

CVE-2022-26388 CVE-2022-26389

Remediations

Hillrom has released software updates for all impacted devices to address these vulnerabilities. New product versions that mitigate these vulnerabilities are available as follows:
Hillrom recommends users upgrade to the latest product versions. Information on how to update these products can be found on the Hillrom disclosure page.
Hillrom recommends the following workarounds to help reduce risk:

Affected Vendors

Hillrom and ELI, Baxter International Inc.

Affected Products (4)

Hillrom and ELI, Baxter International Inc. · Welch Allyn ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph <= 2.2.0

Hillrom and ELI, Baxter International Inc. · Welch Allyn ELI 250c/BUR 250c Resting Electrocardiograph <= 2.1.2

Hillrom and ELI, Baxter International Inc. · Welch Allyn ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph <= 2.3.1

Hillrom and ELI, Baxter International Inc. · Welch Allyn ELI 380 Resting Electrocardiograph <= 2.6.0

Affected Sectors

Healthcare and Public Health

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more