CVE-2021-27410

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.1940%

EPSS Percentile43.16th

PublishedJun 11, 2021

Last ModifiedNov 21, 2024

Vulnerability Description

The affected product is vulnerable to an out-of-bounds write, which may result in corruption of data or code execution on the Welch Allyn medical device management tools (Welch Allyn Service Tool: versions prior to v1.10, Welch Allyn Connex Device Integration Suite – Network Connectivity Engine (NCE): versions prior to v5.3, Welch Allyn Software Development Kit (SDK): versions prior to v3.2, Welch Allyn Connex Central Station (CS): versions prior to v1.8.6, Welch Allyn Service Monitor: versions prior to v1.7.0.0, Welch Allyn Connex Vital Signs Monitor (CVSM): versions prior to v2.43.02, Welch Allyn Connex Integrated Wall System (CIWS): versions prior to v2.43.02, Welch Allyn Connex Spot Monitor (CSM): versions prior to v1.52, Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device: versions prior to v1.11.00).

< 1.11.00

References & Advisories

🔗 https://us-cert.cisa.gov/ics/advisories/icsma-21-152-01

Vulnerability Description

Affected Platforms (CPE)

Connex Central Station

Connex Device Integration Suite Network Connectivity Engine

Connex Integrated Wall System

Connex Spot Monitor

Connex Vital Signs Monitor

Service Monitor

Service Tool

Software Development Kit

Spot Vital Signs 4400

Spot Vital Signs 4400

References & Advisories

Related Vulnerabilities