PT-2021-17446 · Welch Allyn · Welch Allyn Connex Central Station

Itamar Cohen-Matalon · Published 2021-06-11 · Updated 2021-06-24 · CVE-2021-27410

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Welch Allyn Service Tool versions prior to v1.10
Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE) versions prior to v5.3
Welch Allyn Software Development Kit (SDK) versions prior to v3.2
Welch Allyn Connex Central Station (CS) versions prior to v1.8.6
Welch Allyn Service Monitor versions prior to v1.7.0.0
Welch Allyn Connex Vital Signs Monitor (CVSM) versions prior to v2.43.02
Welch Allyn Connex Integrated Wall System (CIWS) versions prior to v2.43.02
Welch Allyn Connex Spot Monitor (CSM) versions prior to v1.52
Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device versions prior to v1.11.00

Description

The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools.

Recommendations

For Welch Allyn Service Tool versions prior to v1.10, update to version v1.10 or later.
For Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE) versions prior to v5.3, update to version v5.3 or later.
For Welch Allyn Software Development Kit (SDK) versions prior to v3.2, update to version v3.2 or later.
For Welch Allyn Connex Central Station (CS) versions prior to v1.8.6, update to version v1.8.6 or later.
For Welch Allyn Service Monitor versions prior to v1.7.0.0, update to version v1.7.0.0 or later.
For Welch Allyn Connex Vital Signs Monitor (CVSM) versions prior to v2.43.02, update to version v2.43.02 or later.
For Welch Allyn Connex Integrated Wall System (CIWS) versions prior to v2.43.02, update to version v2.43.02 or later.
For Welch Allyn Connex Spot Monitor (CSM) versions prior to v1.52, update to version v1.52 or later.
For Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device versions prior to v1.11.00, update to version v1.11.00 or later.

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2021-27410

Affected Products

Welch Allyn Connex Central Station
Welch Allyn Connex Device Integration Suite – Network Connectivity Engine
Welch Allyn Connex Integrated Wall System
Welch Allyn Connex Spot Monitor
Welch Allyn Connex Vital Signs Monitor
Welch Allyn Service Monitor
Welch Allyn Service Tool
Welch Allyn Software Development Kit
Welch Allyn Spot 4400 Vital Signs Extended Care Device
Welch Allyn Spot Vital Signs 4400 Device