Vulnerabilities Discovered in Welch Allyn Resting Electrocardiograph Devices

Hillrom Medical Device Management has reported the discovery of two vulnerabilities in selected Welch Allyn medical devices. An unauthorized attacker could exploit the vulnerabilities to compromise the software's security controls, executing commands, gaining privileges, and viewing sensitive data while avoiding detection.

These Hillrom products are affected by the vulnerabilities:

  • Welch Allyn ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph (versions 2.3.1 and earlier)
  • Welch Allyn ELI 380 Resting Electrocardiograph (versions 2.6.0 and earlier)
  • Welch Allyn ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph (versions 2.2.0 and earlier)
  • Welch Allyn ELI 250c/BUR 250c Resting Electrocardiograph (versions 2.1.2 and earlier)

An anonymous researcher discovered the two vulnerabilities and notified Hillrom. The more serious vulnerability, tracked as CVE-2022-26389, received a CVSS v3 base score of 7.7 (high severity). It is caused by improper access control: the devices do not correctly restrict unauthorized individuals from accessing resources.

The other vulnerability, tracked as CVE-2022-26388, received a CVSS v3 base score of 6.4 (medium severity). It is caused by the use of hard-coded credentials, both for inbound authentication and for outbound communication with external components.

In May 2022, Hillrom released a patch that corrects the vulnerabilities in the Welch Allyn ELI 280/BUR280/MLBUR 280 Resting Electrocardiograph. The company also planned to release patches in the fourth quarter of 2023 to fix the vulnerabilities in the Welch Allyn ELI 380 and ELI 150c/BUR 150c/MLBUR 150c Resting Electrocardiograph devices.

The patches should be applied as soon as possible to prevent exploitation of the vulnerabilities. Where a patch is not yet available, Hillrom advises applying the appropriate network and physical security controls to reduce risk:

  • Make sure a unique encryption key is configured for ELI Link and the cardiograph.
  • Wherever possible, use a firewall to block communication on Port 23 (Telnet), Port 22 (SSH, Secure Shell) and Port 21 (FTP).
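To verify that the firewall mitigation above is actually in effect, the following added example (not Hillrom's code) runs detection logic over constructed firewall log lines and flags any accepted Telnet, SSH or FTP connection to an inventoried cardiograph. The log format, device addresses and device names are assumptions made for the illustration.

```python
import re
from collections import namedtuple

# Services the advisory says to block at the firewall, keyed by TCP port.
BLOCKED_PORTS = {21: "FTP", 22: "SSH", 23: "Telnet"}

# Constructed inventory (assumption): addresses of the cardiographs on the clinical VLAN.
ECG_DEVICES = {"10.20.5.11": "ELI 280 (bay 1)", "10.20.5.12": "ELI 380 (bay 3)"}

Alert = namedtuple("Alert", "src dst port service device")

# Assumed firewall log format: "<ts> <host> kernel: ACCEPT|DROP src=.. dst=.. proto=.. dport=.."
LINE_RE = re.compile(
    r"(?P<action>ACCEPT|DROP)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)"
    r"\s+proto=(?P<proto>\w+)\s+dport=(?P<dport>\d+)"
)


def find_unblocked_access(lines, devices=ECG_DEVICES, ports=BLOCKED_PORTS):
    """Return one Alert per accepted TCP connection to a cardiograph on a blocked port."""
    alerts = []
    for line in lines:
        m = LINE_RE.search(line)
        if m is None:
            continue  # not a connection record
        if m["action"] != "ACCEPT" or m["proto"] != "TCP":
            continue  # already dropped by the firewall, or not one of the TCP services
        port = int(m["dport"])
        if m["dst"] in devices and port in ports:
            alerts.append(Alert(m["src"], m["dst"], port, ports[port], devices[m["dst"]]))
    return alerts


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2022-06-14T09:12:03 fw1 kernel: ACCEPT src=10.20.5.11 dst=10.20.9.4 proto=TCP dport=443",
    "2022-06-14T09:13:41 fw1 kernel: ACCEPT src=10.30.1.77 dst=10.20.5.11 proto=TCP dport=23",
    "2022-06-14T09:13:52 fw1 kernel: DROP src=10.30.1.77 dst=10.20.5.12 proto=TCP dport=22",
    "2022-06-14T09:14:10 fw1 kernel: ACCEPT src=10.30.1.77 dst=10.20.5.12 proto=TCP dport=21",
    "2022-06-14T09:14:11 fw1 kernel: ACCEPT src=10.30.1.78 dst=10.20.5.12 proto=UDP dport=23",
    "2022-06-14T09:15:00 fw1 kernel: ACCEPT src=10.30.1.79 dst=10.20.9.4 proto=TCP dport=22",
]

if __name__ == "__main__":
    for a in find_unblocked_access(SAMPLE_LOG):
        print(f"{a.service} (tcp/{a.port}) from {a.src} reached {a.device} at {a.dst}: blocking rule missing")
```

Each alert names a device that is still reachable on one of the three services, so the list doubles as a worklist for fixing firewall rules on segments where the patch has not yet been applied.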