Itamar Cohen-Matalon

**Name of the Vulnerable Software and Affected Versions** Welch Allyn Service Tool versions prior to v1.10 Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE) versions prior to v5.3 Welch Allyn Software Development Kit (SDK) versions prior to v3.2 Welch Allyn Connex Central Station (CS) versions prior to v1.8.6 Welch Allyn Service Monitor versions prior to v1.7.0.0 Welch Allyn Connex Vital Signs Monitor (CVSM) versions prior to v2.43.02 Welch Allyn Connex Integrated Wall System (CIWS) versions prior to v2.43.02 Welch Allyn Connex Spot Monitor (CSM) versions prior to v1.52 Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device versions prior to v1.11.00 **Description** The affected product is vulnerable to an out-of-bounds read, which can cause information leakage leading to arbitrary code execution if chained to the out-of-bounds write vulnerability. **Recommendations** For Welch Allyn Service Tool versions prior to v1.10, update to version v1.10 or later. For Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE) versions prior to v5.3, update to version v5.3 or later. For Welch Allyn Software Development Kit (SDK) versions prior to v3.2, update to version v3.2 or later. For Welch Allyn Connex Central Station (CS) versions prior to v1.8.6, update to version v1.8.6 or later. For Welch Allyn Service Monitor versions prior to v1.7.0.0, update to version v1.7.0.0 or later. For Welch Allyn Connex Vital Signs Monitor (CVSM) versions prior to v2.43.02, update to version v2.43.02 or later. For Welch Allyn Connex Integrated Wall System (CIWS) versions prior to v2.43.02, update to version v2.43.02 or later. For Welch Allyn Connex Spot Monitor (CSM) versions prior to v1.52, update to version v1.52 or later. For Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device versions prior to v1.11.00, update to version v1.11.00 or later.

**Name of the Vulnerable Software and Affected Versions** Welch Allyn Service Tool versions prior to v1.10 Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE) versions prior to v5.3 Welch Allyn Software Development Kit (SDK) versions prior to v3.2 Welch Allyn Connex Central Station (CS) versions prior to v1.8.6 Welch Allyn Service Monitor versions prior to v1.7.0.0 Welch Allyn Connex Vital Signs Monitor (CVSM) versions prior to v2.43.02 Welch Allyn Connex Integrated Wall System (CIWS) versions prior to v2.43.02 Welch Allyn Connex Spot Monitor (CSM) versions prior to v1.52 Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device versions prior to v1.11.00 **Description** The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools. **Recommendations** For Welch Allyn Service Tool versions prior to v1.10, update to version v1.10 or later. For Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE) versions prior to v5.3, update to version v5.3 or later. For Welch Allyn Software Development Kit (SDK) versions prior to v3.2, update to version v3.2 or later. For Welch Allyn Connex Central Station (CS) versions prior to v1.8.6, update to version v1.8.6 or later. For Welch Allyn Service Monitor versions prior to v1.7.0.0, update to version v1.7.0.0 or later. For Welch Allyn Connex Vital Signs Monitor (CVSM) versions prior to v2.43.02, update to version v2.43.02 or later. For Welch Allyn Connex Integrated Wall System (CIWS) versions prior to v2.43.02, update to version v2.43.02 or later. For Welch Allyn Connex Spot Monitor (CSM) versions prior to v1.52, update to version v1.52 or later. For Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device versions prior to v1.11.00, update to version v1.11.00 or later.