Vulnerability-Lookup

CVE-2021-43935 (GCVE-0-2021-43935)

Vulnerability from cvelistv5 – Published: 2021-12-15 18:05 – Updated: 2024-09-16 23:11

Title

ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products

Summary

The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-288 - Authentication Bypass Using an Alternate Path or Channel

Assigner

icscert

References

URL

Tags

https://www.cisa.gov/uscert/ics/advisories/icsma-…

x_refsource_MISC

Impacted products

Vendor

Product

Version

Hillrom

Welch Allyn Q-Stress Cardiac Stress Testing System

Affected: 6.0.0 , ≤ 6.3.1 (custom)

Hillrom	Welch Allyn X-Scribe Cardiac Stress Testing System	Affected: 5.01 , ≤ 6.3.1 (custom)
Hillrom	Welch Allyn Diagnostic Cardiology Suite	Affected: 2.1.0
Hillrom	Welch Allyn Vision Express	Affected: 6.1.0 , ≤ 6.4.0 (custom)
Hillrom	Welch Allyn H-Scribe Holter Analysis System	Affected: 5.01 , ≤ 6.4.0 (custom)
Hillrom	Welch Allyn R-Scribe Resting ECG System	Affected: 5.01 , ≤ 7.0.0 (custom)
Hillrom	Welch Allyn Connex Cardio	Affected: 1.0.0 , ≤ 1.1.1 (custom)

Credits

Hillrom reported this vulnerability to CISA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:10:16.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Welch Allyn Q-Stress Cardiac Stress Testing System",
          "vendor": "Hillrom",
          "versions": [
            {
              "lessThanOrEqual": "6.3.1",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Welch Allyn X-Scribe Cardiac Stress Testing System",
          "vendor": "Hillrom",
          "versions": [
            {
              "lessThanOrEqual": "6.3.1",
              "status": "affected",
              "version": "5.01",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Welch Allyn Diagnostic Cardiology Suite",
          "vendor": "Hillrom",
          "versions": [
            {
              "status": "affected",
              "version": "2.1.0"
            }
          ]
        },
        {
          "product": "Welch Allyn Vision Express",
          "vendor": "Hillrom",
          "versions": [
            {
              "lessThanOrEqual": "6.4.0",
              "status": "affected",
              "version": "6.1.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Welch Allyn H-Scribe Holter Analysis System",
          "vendor": "Hillrom",
          "versions": [
            {
              "lessThanOrEqual": "6.4.0",
              "status": "affected",
              "version": "5.01",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Welch Allyn R-Scribe Resting ECG System",
          "vendor": "Hillrom",
          "versions": [
            {
              "lessThanOrEqual": "7.0.0",
              "status": "affected",
              "version": "5.01",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Welch Allyn Connex Cardio",
          "vendor": "Hillrom",
          "versions": [
            {
              "lessThanOrEqual": "1.1.1",
              "status": "affected",
              "version": "1.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Hillrom reported this vulnerability to CISA"
        }
      ],
      "datePublic": "2021-12-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-288",
              "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T18:05:16",
        "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "shortName": "icscert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Hillrom recommends users upgrade to the latest product versions when updated products are available. Information on how to update these products to their new versions can be found on the Hillrom disclosure page."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products",
      "workarounds": [
        {
          "lang": "en",
          "value": "-Disable the SSO feature in the respective Modality Manager Configuration settings. Please refer to the instructions for use (IFU) and/or service manual for instructions on how to disable SSO.\n-Apply proper network and physical security controls.\n-Apply authentication for server access."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "DATE_PUBLIC": "2021-12-09T17:10:00.000Z",
          "ID": "CVE-2021-43935",
          "STATE": "PUBLIC",
          "TITLE": "ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Welch Allyn Q-Stress Cardiac Stress Testing System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "6.0.0",
                            "version_value": "6.3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Welch Allyn X-Scribe Cardiac Stress Testing System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5.01",
                            "version_value": "6.3.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Welch Allyn Diagnostic Cardiology Suite",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "2.1.0",
                            "version_value": "2.1.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Welch Allyn Vision Express",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "6.1.0",
                            "version_value": "6.4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Welch Allyn H-Scribe Holter Analysis System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5.01",
                            "version_value": "6.4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Welch Allyn R-Scribe Resting ECG System",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "5.01",
                            "version_value": "7.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Welch Allyn Connex Cardio",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "1.0.0",
                            "version_value": "1.1.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hillrom"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Hillrom reported this vulnerability to CISA"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01",
              "refsource": "MISC",
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Hillrom recommends users upgrade to the latest product versions when updated products are available. Information on how to update these products to their new versions can be found on the Hillrom disclosure page."
          }
        ],
        "source": {
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "-Disable the SSO feature in the respective Modality Manager Configuration settings. Please refer to the instructions for use (IFU) and/or service manual for instructions on how to disable SSO.\n-Apply proper network and physical security controls.\n-Apply authentication for server access."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
    "assignerShortName": "icscert",
    "cveId": "CVE-2021-43935",
    "datePublished": "2021-12-15T18:05:16.799122Z",
    "dateReserved": "2021-11-16T00:00:00",
    "dateUpdated": "2024-09-16T23:11:47.219Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:baxter:welch_allyn_connex_cardio:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.0.0\", \"versionEndIncluding\": \"1.1.1\", \"matchCriteriaId\": \"C9DAE7F6-E2AF-4DF4-AEB0-A62B2A343193\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:baxter:welch_allyn_diagnostic_cardiology_suite:2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09D76DAA-4799-4DCD-B7F2-46D17A03A614\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:baxter:welch_allyn_rscribe_resting_ecg_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.01\", \"versionEndIncluding\": \"7.0.0\", \"matchCriteriaId\": \"98FC1911-F92B-4D4A-ABDE-882807F8EF16\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:baxter:welch_allyn_vision_express_holter_analysis_system:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.1.0\", \"versionEndIncluding\": \"6.4.0\", \"matchCriteriaId\": \"4AC5DF38-0E45-496E-BBC5-C46D8B77AF16\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:baxter:welch_allyn_hscribe_holter_analysis_system_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.01\", \"versionEndIncluding\": \"6.4.0\", \"matchCriteriaId\": \"ED9D8D71-FA01-4E29-A27A-78B7933F96C0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:baxter:welch_allyn_hscribe_holter_analysis_system:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC5C925E-8AD6-432A-800B-12DC33FCAA67\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:baxter:welch_allyn_q-stress_cardiac_stress_testing_system_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"6.0.0\", \"versionEndIncluding\": \"6.3.1\", \"matchCriteriaId\": \"5AA1AF5C-68D3-4D79-A9F0-2E392BE0FB37\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:baxter:welch_allyn_q-stress_cardiac_stress_testing_system:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D183E89E-3219-4979-AADF-345A3A6CB815\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:baxter:welch_allyn_xscribe_cardiac_stress_testing_system_firmware:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.01\", \"versionEndIncluding\": \"6.3.1\", \"matchCriteriaId\": \"E6AF883C-C044-451A-914C-7CA5113670C4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:baxter:welch_allyn_xscribe_cardiac_stress_testing_system:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34255579-A781-4C23-B78A-E20EA6483330\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.\"}, {\"lang\": \"es\", \"value\": \"Los productos afectados, cuando est\\u00e1n configurados para usar SSO, est\\u00e1n afectados por una vulnerabilidad de autenticaci\\u00f3n inapropiada. Esta vulnerabilidad permite que la aplicaci\\u00f3n acepte la entrada manual de cualquier cuenta del directorio activo (AD) provista en la aplicaci\\u00f3n sin suministrar una contrase\\u00f1a, resultando en el acceso a la aplicaci\\u00f3n como la cuenta AD suministrada, con todos los privilegios asociados\"}]",
      "id": "CVE-2021-43935",
      "lastModified": "2024-11-21T06:30:01.987",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-12-15T19:15:15.873",
      "references": "[{\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01\", \"source\": \"ics-cert@hq.dhs.gov\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Third Party Advisory\", \"US Government Resource\"]}]",
      "sourceIdentifier": "ics-cert@hq.dhs.gov",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"ics-cert@hq.dhs.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-288\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-287\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-43935\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2021-12-15T19:15:15.873\",\"lastModified\":\"2024-11-21T06:30:01.987\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.\"},{\"lang\":\"es\",\"value\":\"Los productos afectados, cuando est\u00e1n configurados para usar SSO, est\u00e1n afectados por una vulnerabilidad de autenticaci\u00f3n inapropiada. Esta vulnerabilidad permite que la aplicaci\u00f3n acepte la entrada manual de cualquier cuenta del directorio activo (AD) provista en la aplicaci\u00f3n sin suministrar una contrase\u00f1a, resultando en el acceso a la aplicaci\u00f3n como la cuenta AD suministrada, con todos los privilegios asociados\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"ics-cert@hq.dhs.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-288\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-287\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:baxter:welch_allyn_connex_cardio:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndIncluding\":\"1.1.1\",\"matchCriteriaId\":\"C9DAE7F6-E2AF-4DF4-AEB0-A62B2A343193\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:baxter:welch_allyn_diagnostic_cardiology_suite:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09D76DAA-4799-4DCD-B7F2-46D17A03A614\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:baxter:welch_allyn_rscribe_resting_ecg_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.01\",\"versionEndIncluding\":\"7.0.0\",\"matchCriteriaId\":\"98FC1911-F92B-4D4A-ABDE-882807F8EF16\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:baxter:welch_allyn_vision_express_holter_analysis_system:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.1.0\",\"versionEndIncluding\":\"6.4.0\",\"matchCriteriaId\":\"4AC5DF38-0E45-496E-BBC5-C46D8B77AF16\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:baxter:welch_allyn_hscribe_holter_analysis_system_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.01\",\"versionEndIncluding\":\"6.4.0\",\"matchCriteriaId\":\"ED9D8D71-FA01-4E29-A27A-78B7933F96C0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:baxter:welch_allyn_hscribe_holter_analysis_system:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC5C925E-8AD6-432A-800B-12DC33FCAA67\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:baxter:welch_allyn_q-stress_cardiac_stress_testing_system_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.0.0\",\"versionEndIncluding\":\"6.3.1\",\"matchCriteriaId\":\"5AA1AF5C-68D3-4D79-A9F0-2E392BE0FB37\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:baxter:welch_allyn_q-stress_cardiac_stress_testing_system:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D183E89E-3219-4979-AADF-345A3A6CB815\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:baxter:welch_allyn_xscribe_cardiac_stress_testing_system_firmware:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.01\",\"versionEndIncluding\":\"6.3.1\",\"matchCriteriaId\":\"E6AF883C-C044-451A-914C-7CA5113670C4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:baxter:welch_allyn_xscribe_cardiac_stress_testing_system:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34255579-A781-4C23-B78A-E20EA6483330\"}]}]}],\"references\":[{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]}]}}"
  }
}

GSD-2021-43935

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-43935

Aliases

CVE-2021-43935

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-43935",
    "description": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.",
    "id": "GSD-2021-43935"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-43935"
      ],
      "details": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.",
      "id": "GSD-2021-43935",
      "modified": "2023-12-13T01:23:26.337633Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "ics-cert@hq.dhs.gov",
        "DATE_PUBLIC": "2021-12-09T17:10:00.000Z",
        "ID": "CVE-2021-43935",
        "STATE": "PUBLIC",
        "TITLE": "ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Welch Allyn Q-Stress Cardiac Stress Testing System",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "6.0.0",
                          "version_value": "6.3.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Welch Allyn X-Scribe Cardiac Stress Testing System",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "5.01",
                          "version_value": "6.3.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Welch Allyn Diagnostic Cardiology Suite",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_name": "2.1.0",
                          "version_value": "2.1.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Welch Allyn Vision Express",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "6.1.0",
                          "version_value": "6.4.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Welch Allyn H-Scribe Holter Analysis System",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "5.01",
                          "version_value": "6.4.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Welch Allyn R-Scribe Resting ECG System",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "5.01",
                          "version_value": "7.0.0"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Welch Allyn Connex Cardio",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_name": "1.0.0",
                          "version_value": "1.1.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Hillrom"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Hillrom reported this vulnerability to CISA"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01",
            "refsource": "MISC",
            "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "Hillrom recommends users upgrade to the latest product versions when updated products are available. Information on how to update these products to their new versions can be found on the Hillrom disclosure page."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "work_around": [
        {
          "lang": "eng",
          "value": "-Disable the SSO feature in the respective Modality Manager Configuration settings. Please refer to the instructions for use (IFU) and/or service manual for instructions on how to disable SSO.\n-Apply proper network and physical security controls.\n-Apply authentication for server access."
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:baxter:welch_allyn_connex_cardio:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.1.1",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:baxter:welch_allyn_diagnostic_cardiology_suite:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:baxter:welch_allyn_rscribe_resting_ecg_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.0.0",
                "versionStartIncluding": "5.01",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:baxter:welch_allyn_vision_express_holter_analysis_system:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "6.4.0",
                "versionStartIncluding": "6.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:baxter:welch_allyn_hscribe_holter_analysis_system_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.4.0",
                    "versionStartIncluding": "5.01",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:baxter:welch_allyn_hscribe_holter_analysis_system:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:baxter:welch_allyn_q-stress_cardiac_stress_testing_system_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.3.1",
                    "versionStartIncluding": "6.0.0",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:baxter:welch_allyn_q-stress_cardiac_stress_testing_system:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:baxter:welch_allyn_xscribe_cardiac_stress_testing_system_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "6.3.1",
                    "versionStartIncluding": "5.01",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:baxter:welch_allyn_xscribe_cardiac_stress_testing_system:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "ics-cert@hq.dhs.gov",
          "ID": "CVE-2021-43935"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01",
              "refsource": "MISC",
              "tags": [
                "Mitigation",
                "Third Party Advisory",
                "US Government Resource"
              ],
              "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-07-25T10:39Z",
      "publishedDate": "2021-12-15T19:15Z"
    }
  }
}

GHSA-VV5R-9WCQ-CQCM

Vulnerability from github – Published: 2021-12-16 00:00 – Updated: 2022-07-26 00:01

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-43935"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287",
      "CWE-288"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-12-15T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.",
  "id": "GHSA-vv5r-9wcq-cqcm",
  "modified": "2022-07-26T00:01:12Z",
  "published": "2021-12-16T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43935"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2021-43935

Vulnerability from fkie_nvd - Published: 2021-12-15 19:15 - Updated: 2024-11-21 06:30

Severity ?

8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	ics-cert@hq.dhs.gov	https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01	Mitigation, Third Party Advisory, US Government Resource
	af854a3a-2127-422b-91ae-364da2661108	https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01	Mitigation, Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
baxter	welch_allyn_connex_cardio	*
baxter	welch_allyn_diagnostic_cardiology_suite	2.1.0
baxter	welch_allyn_rscribe_resting_ecg_system	*
baxter	welch_allyn_vision_express_holter_analysis_system	*
baxter	welch_allyn_hscribe_holter_analysis_system_firmware	*
baxter	welch_allyn_hscribe_holter_analysis_system	-
baxter	welch_allyn_q-stress_cardiac_stress_testing_system_firmware	*
baxter	welch_allyn_q-stress_cardiac_stress_testing_system	-
baxter	welch_allyn_xscribe_cardiac_stress_testing_system_firmware	*
baxter	welch_allyn_xscribe_cardiac_stress_testing_system	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:baxter:welch_allyn_connex_cardio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9DAE7F6-E2AF-4DF4-AEB0-A62B2A343193",
              "versionEndIncluding": "1.1.1",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:baxter:welch_allyn_diagnostic_cardiology_suite:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "09D76DAA-4799-4DCD-B7F2-46D17A03A614",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:baxter:welch_allyn_rscribe_resting_ecg_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98FC1911-F92B-4D4A-ABDE-882807F8EF16",
              "versionEndIncluding": "7.0.0",
              "versionStartIncluding": "5.01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:baxter:welch_allyn_vision_express_holter_analysis_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC5DF38-0E45-496E-BBC5-C46D8B77AF16",
              "versionEndIncluding": "6.4.0",
              "versionStartIncluding": "6.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:baxter:welch_allyn_hscribe_holter_analysis_system_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED9D8D71-FA01-4E29-A27A-78B7933F96C0",
              "versionEndIncluding": "6.4.0",
              "versionStartIncluding": "5.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:baxter:welch_allyn_hscribe_holter_analysis_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC5C925E-8AD6-432A-800B-12DC33FCAA67",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:baxter:welch_allyn_q-stress_cardiac_stress_testing_system_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AA1AF5C-68D3-4D79-A9F0-2E392BE0FB37",
              "versionEndIncluding": "6.3.1",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:baxter:welch_allyn_q-stress_cardiac_stress_testing_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D183E89E-3219-4979-AADF-345A3A6CB815",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:baxter:welch_allyn_xscribe_cardiac_stress_testing_system_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6AF883C-C044-451A-914C-7CA5113670C4",
              "versionEndIncluding": "6.3.1",
              "versionStartIncluding": "5.01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:baxter:welch_allyn_xscribe_cardiac_stress_testing_system:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "34255579-A781-4C23-B78A-E20EA6483330",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges."
    },
    {
      "lang": "es",
      "value": "Los productos afectados, cuando est\u00e1n configurados para usar SSO, est\u00e1n afectados por una vulnerabilidad de autenticaci\u00f3n inapropiada. Esta vulnerabilidad permite que la aplicaci\u00f3n acepte la entrada manual de cualquier cuenta del directorio activo (AD) provista en la aplicaci\u00f3n sin suministrar una contrase\u00f1a, resultando en el acceso a la aplicaci\u00f3n como la cuenta AD suministrada, con todos los privilegios asociados"
    }
  ],
  "id": "CVE-2021-43935",
  "lastModified": "2024-11-21T06:30:01.987",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "ics-cert@hq.dhs.gov",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-15T19:15:15.873",
  "references": [
    {
      "source": "ics-cert@hq.dhs.gov",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/uscert/ics/advisories/icsma-21-343-01"
    }
  ],
  "sourceIdentifier": "ics-cert@hq.dhs.gov",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-288"
        }
      ],
      "source": "ics-cert@hq.dhs.gov",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSMA-21-343-01

Vulnerability from csaf_cisa - Published: 2021-12-09 00:00 - Updated: 2021-12-09 00:00

Summary

Hillrom Welch Allyn Cardio Products

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of this vulnerability could allow an attacker to access privileged accounts.

Critical infrastructure sectors

Healthcare and Public Health

Countries/areas deployed

Worldwide

Company headquarters location

United States

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage oncisa.gov/uscert/ics. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Exploitability

No known public exploits specifically target this vulnerability. This vulnerability has a high attack complexity.

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "organization": "Hillrom",
        "summary": "reporting this vulnerability to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of this vulnerability could allow an attacker to access privileged accounts.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Healthcare and Public Health",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "United States",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage oncisa.gov/uscert/ics. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "other",
        "text": "No known public exploits specifically target this vulnerability. This vulnerability has a high attack complexity.",
        "title": "Exploitability"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-21-343-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2021/icsma-21-343-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-21-343-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-21-343-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "Hillrom Welch Allyn Cardio Products",
    "tracking": {
      "current_release_date": "2021-12-09T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSMA-21-343-01",
      "initial_release_date": "2021-12-09T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2021-12-09T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-21-343-01 Hillrom Welch Allyn Cardio Products"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 1.0.0 | \u003c= 1.1.1",
                "product": {
                  "name": "Welch Allyn Connex Cardio: Versions 1.0.0 through 1.1.1",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "Welch Allyn Connex Cardio"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 6.0.0 | \u003c= 6.3.1",
                "product": {
                  "name": "Welch Allyn Q-Stress Cardiac Stress Testing System: Versions 6.0.0 through 6.3.1",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "Welch Allyn Q-Stress Cardiac Stress Testing System"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 5.01 | \u003c= 6.3.1",
                "product": {
                  "name": "Welch Allyn X-Scribe Cardiac Stress Testing System: Versions 5.01 through 6.3.1",
                  "product_id": "CSAFPID-0003"
                }
              }
            ],
            "category": "product_name",
            "name": "Welch Allyn X-Scribe Cardiac Stress Testing System"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 5.01 | \u003c= 7.0.0",
                "product": {
                  "name": "Welch Allyn R-Scribe Resting ECG System: Versions 5.01 through 7.0.0",
                  "product_id": "CSAFPID-0004"
                }
              }
            ],
            "category": "product_name",
            "name": "Welch Allyn R-Scribe Resting ECG System"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 5.01 | \u003c= 6.4.0",
                "product": {
                  "name": "Welch Allyn H-Scribe Holter Analysis System: Versions 5.01 through 6.4.0",
                  "product_id": "CSAFPID-0005"
                }
              }
            ],
            "category": "product_name",
            "name": "Welch Allyn H-Scribe Holter Analysis System"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.1.0",
                "product": {
                  "name": "Welch Allyn Diagnostic Cardiology Suite: Version 2.1.0",
                  "product_id": "CSAFPID-0006"
                }
              }
            ],
            "category": "product_name",
            "name": "Welch Allyn Diagnostic Cardiology Suite"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003e= 6.1.0 | \u003c= 6.4.0",
                "product": {
                  "name": "Welch Allyn Vision Express: Versions 6.1.0 through 6.4.0",
                  "product_id": "CSAFPID-0007"
                }
              }
            ],
            "category": "product_name",
            "name": "Welch Allyn Vision Express"
          }
        ],
        "category": "vendor",
        "name": "Hillrom"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-43935",
      "cwe": {
        "id": "CWE-288",
        "name": "Authentication Bypass Using an Alternate Path or Channel"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The impacted products, when configured to use SSO, are affected by an improper authentication vulnerability. This vulnerability allows the application to accept manual entry of any active directory (AD) account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges.CVE-2021-43935 has been assigned to this vulnerability. A CVSS v3 base score of 8.1 has been calculated; the CVSS vector string is (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002",
          "CSAFPID-0003",
          "CSAFPID-0004",
          "CSAFPID-0005",
          "CSAFPID-0006",
          "CSAFPID-0007"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43935"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Hillrom plans to release software updates to address this vulnerability in their next software release.\nIn the interim, Hillrom recommends the following workaround and mitigation to reduce the risk:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        },
        {
          "category": "vendor_fix",
          "details": "Hillrom recommends users upgrade to the latest product versions when updated products are available. Information on how to update these products to their new versions can be found on the Hillrom disclosure page.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ],
          "url": "https://www.hillrom.com/en/responsible-disclosures/"
        },
        {
          "category": "vendor_fix",
          "details": "Hillrom recommends the following additional workarounds to help reduce risk:",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002",
            "CSAFPID-0003",
            "CSAFPID-0004",
            "CSAFPID-0005",
            "CSAFPID-0006",
            "CSAFPID-0007"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-43935 (GCVE-0-2021-43935)

GSD-2021-43935

GHSA-VV5R-9WCQ-CQCM

FKIE_CVE-2021-43935

ICSMA-21-343-01

Tags

Sightings

Nomenclature