9.8

CVE-2021-27410

The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
HillromConnex Central Station Version < 1.8.6
HillromConnex Integrated Wall System Version < 2.43.02
HillromConnex Spot Monitor Version < 1.52
HillromConnex Vital Signs Monitor Version < 2.43.02
HillromService Monitor Version < 1.7.0.0
HillromService Tool Version < 1.10
HillromSpot Vital Signs 4400 SwEdition- Version < 1.11.00
HillromSpot Vital Signs 4400 SwEditionextended_care Version < 1.11.00
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.55% 0.671
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01
Third Party Advisory
US Government Resource
Mitigation