Hillrom Medical Device Management (Update B)
Monitor · 5.9 · ICS-CERT ICSMA-21-152-01 · Jun 1, 2021
Attack Vector: Adjacent
Auth Required: Low
Complexity: High
User Interaction: None needed
Summary
Buffer overflow and out-of-bounds read vulnerabilities in Hillrom Welch Allyn medical device management products could allow an attacker to cause memory corruption and remotely execute arbitrary code on patient monitoring devices. Affected products include Connex Spot Monitor, Connex Integrated Wall System, Connex Vital Signs Monitor, Connex Central Station, Spot Vital Signs 4400 devices, and related software integration and development tools. Hillrom has released patched versions for all affected products. These vulnerabilities have high attack complexity, and no known public exploits are currently available.
What this means
What could happen
An attacker could exploit memory corruption in Welch Allyn patient monitoring and vital signs devices to run arbitrary code, potentially allowing tampering with patient data, disabling alarms, or disrupting real-time vital sign monitoring in critical care settings.
Who's at risk
Healthcare facilities using Welch Allyn patient monitoring equipment, including hospital intensive care units, cardiac care, and emergency departments. Specifically affects Connex Spot Monitor, Connex Integrated Wall System, Connex Vital Signs Monitor, Connex Central Station, Spot Vital Signs 4400 devices, and Welch Allyn integration software used for device management and network connectivity.
How it could be exploited
An attacker with local network access to a vulnerable Welch Allyn device could send a specially crafted message to trigger a buffer overflow or out-of-bounds memory read, causing the device to execute arbitrary code. The vulnerabilities have high attack complexity, requiring specific conditions or device state to trigger.
Prerequisites
- Network access to the vulnerable Welch Allyn device on the medical network
- Knowledge of the specific message format or device state required to trigger the memory corruption
- Local network position or ability to send traffic to the device (remote exploitation less likely given high attack complexity)
- No authentication required for exploitation
- High attack complexity reduces likelihood
- Affects patient safety systems and real-time monitoring
- Multiple device types across the Welch Allyn product line
- Low EPSS score (0.5%) indicates low near-term exploit probability
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (9)
9 with fix
| Product | Affected Versions | Fix Status |
| --- | --- | --- |
| Welch Allyn Connex Spot Monitor (CSM) | < 1.52 | v1.52 |
| Welch Allyn Connex Integrated Wall System (CIWS) | < 2.43.02 | v2.43.02 |
| Welch Allyn Connex Vital Signs Monitor (CVSM) | < 2.43.02 | v2.43.02 |
| Welch Allyn Connex Central Station (CS) | < 1.8.4 Service Pack 01 | v1.8.4 Service Pack 01 |
| Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device | < 1.11.00 | v1.11.00 |
| Welch Allyn Software Development Kit (SDK) | < 3.2 | v3.2 |
| Welch Allyn Service Tool | < 1.10 | v1.10 |
| Welch Allyn Connex Device Integration Suite - Network Connectivity Engine (NCE) | < 5.3 | v5.3 |
Remediation & Mitigation
Do now
- HARDENING: Isolate patient monitoring networks from the business network using firewalls; ensure monitoring devices are not directly accessible from enterprise or internet-facing networks
- HARDENING: Require authentication for all server and management access to monitoring devices and centralized monitoring systems
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
Welch Allyn Spot Vital Signs 4400 Device (Spot 4400) / Welch Allyn Spot 4400 Vital Signs Extended Care Device:
- HOTFIX: Update all affected Welch Allyn devices to patched versions: Connex Spot Monitor v1.52, Connex Integrated Wall System v2.43.02, Connex Vital Signs Monitor v2.43.02, Connex Central Station v1.8.4 SP01, Spot 4400 v1.11.00, SDK v3.2, Service Tool v1.10, NCE v5.3, Service Monitor v1.7.0.0
All products
- HARDENING: Enable Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) on systems running Welch Allyn software where applicable
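A patch-level check against the fixed versions listed above, as an added example (not part of the advisory or any Hillrom tooling). The inventory rows are constructed, the short product keys are this example's own labels, and comparing versions component by component as integers is an assumption about the vendor's numbering.

```python
import re

# Fixed versions copied from the remediation list above; keys are this example's labels.
FIXED = {
    "CSM": "1.52", "CIWS": "2.43.02", "CVSM": "2.43.02",
    "CS": "1.8.4 Service Pack 01", "Spot 4400": "1.11.00", "SDK": "3.2",
    "Service Tool": "1.10", "NCE": "5.3", "Service Monitor": "1.7.0.0",
}

_VERSION = re.compile(r"v?(\d+(?:\.\d+){0,3})(?:\s*(?:sp|service pack)\s*(\d+))?")

def version_key(text):
    """Map 'v2.43.02' or '1.8.4 SP01' to a fixed-length tuple that sorts correctly."""
    m = _VERSION.fullmatch(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (4 - len(parts))               # pad so '1.11' equals '1.11.00'
    return tuple(parts) + (int(m.group(2) or 0),)  # service pack sorts last

def audit(inventory):
    """Return (host, product, version, status) for each inventory row."""
    rows = []
    for host, product, version in inventory:
        try:
            fixed = version_key(FIXED[product])
            status = "patched" if version_key(version) >= fixed else "vulnerable"
        except (KeyError, ValueError):
            status = "unknown"  # unlisted product or odd version: review by hand
        rows.append((host, product, version, status))
    return rows

# Constructed sample inventory; hostnames and installed versions are made up.
SAMPLE = [
    ("icu-mon-01", "CSM", "1.51"),
    ("icu-mon-02", "CSM", "v1.52"),
    ("ward3-wall-07", "CIWS", "2.43.02"),
    ("ward3-vsm-02", "CVSM", "2.9.10"),
    ("central-01", "CS", "1.8.4"),
    ("central-02", "CS", "1.8.4 SP01"),
    ("ed-spot-04", "Spot 4400", "1.11"),
    ("lab-pc-01", "NCE", "5.3-beta"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print("{:<14} {:<10} {:<12} {}".format(*row))
```

Rows reported as `unknown` are left for manual review rather than being guessed as patched.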
CVEs (2)
API:
/api/v1/advisories/e9ee11a1-6dd2-4caa-868b-e8b8abd224d4