OTPulse

ZOLL Defibrillator Dashboard

Act Now | CVSS 9.9 | ICS-CERT ICSMA-21-161-01 | Jun 10, 2021
Attack Vector: Network
Privileges Required: Low (a valid dashboard login)
Attack Complexity: Low
User Interaction: None
Summary

ZOLL Defibrillator Dashboard versions prior to 2.2 contain multiple vulnerabilities: unrestricted upload of a file with dangerous type (CWE-434), use of a hard-coded cryptographic key (CWE-321), storage of passwords in a recoverable format (CWE-257), cleartext storage of sensitive information (CWE-312), cross-site scripting (CWE-79), and improper privilege management (CWE-269). Successful exploitation allows remote code execution on the dashboard server, theft of stored credentials, or modification of application data and functionality. Exploitation requires a valid dashboard user account, but the impact reaches the confidentiality, integrity, and availability of device monitoring and operational data.

What this means
What could happen
An attacker with valid dashboard credentials could execute arbitrary code on the dashboard server, recover stored credentials, or alter device data and alerts. The downstream risk is incorrect defibrillator readiness status, missed critical alerts, or lost audit trails at the moment an emergency response depends on them.
Who's at risk
Healthcare facilities, emergency services, and hospitals using ZOLL Defibrillator Dashboard for centralized monitoring and data management of automated external defibrillators (AEDs). This impacts clinical staff, biomedical technicians, and IT administrators responsible for AED readiness and emergency response coordination.
How it could be exploited
An attacker with valid user credentials logs into the Defibrillator Dashboard over the network. The arbitrary file upload flaw lets them place a file of their choosing on the server, which is the route to remote code execution. Once code runs on the server, the hard-coded cryptographic key and the recoverably stored passwords give access to the backend database, including device credentials and operational data. The cross-site scripting and privilege-management flaws offer additional ways to tamper with application data and functionality.
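Because the upload flaw is the one that leads directly to code execution, the following Python snippet illustrates CWE-434 as a class: a weak denylist check of the kind that lets a web shell through, beside a hardened allowlist check. This is an added example, not ZOLL's code; the dashboard's implementation is not public, so the accepted file types, the size limit, the executable-extension list and the server-side naming scheme are assumptions chosen to show the technique.

```python
"""CWE-434 illustration: a weak upload check beside a hardened one.

Added example, not code from the ZOLL Defibrillator Dashboard (whose
implementation is not public). Accepted types, size limit and naming are
assumptions chosen to demonstrate the technique.
"""
import os
import secrets

# Assumption: the application legitimately accepts only these types.
# Value is the expected leading bytes (file signature); None means plain text.
ALLOWED_TYPES = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".csv": None,
}
MAX_BYTES = 10 * 1024 * 1024

# Extensions a web server commonly executes if the file lands under the web root.
EXECUTABLE_EXTS = {".aspx", ".asp", ".ashx", ".asmx", ".php", ".jsp",
                   ".exe", ".dll", ".ps1", ".bat", ".cmd"}


def weak_accepts(filename: str) -> bool:
    """The pattern behind many CWE-434 findings: a short denylist on the
    final extension only. It trusts the client-supplied name, so
    'webshell.aspx', 'shell.aspx.png' and '../../x.png' all pass."""
    return not filename.lower().endswith((".exe", ".dll"))


def _is_plain_text(data: bytes) -> bool:
    """CSV has no signature bytes; require valid UTF-8 with no NUL bytes."""
    if b"\x00" in data:
        return False
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return True


def hardened_check(filename: str, data: bytes) -> tuple:
    """Return (accepted, reason). The only thing taken from the client name
    is the extension, which is allowlisted and then verified against the
    file's own bytes; everything else is decided server-side."""
    if len(data) > MAX_BYTES:
        return False, "too large"
    # Reject any directory component; normalise Windows separators first.
    base = os.path.basename(filename.replace("\\", "/"))
    if base != filename or base in ("", ".", ".."):
        return False, "path components in filename"
    # Refuse executable extensions anywhere in the name (e.g. shell.aspx.png).
    pieces = base.lower().split(".")[1:]
    if any("." + p in EXECUTABLE_EXTS for p in pieces):
        return False, "executable extension in name"
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED_TYPES:
        return False, "extension not allowed: %r" % ext
    signature = ALLOWED_TYPES[ext]
    if signature is None:
        if not _is_plain_text(data):
            return False, "csv content is not plain text"
    elif not data.startswith(signature):
        return False, "content does not match declared type"
    return True, "ok"


def storage_name(ext: str) -> str:
    """Server-chosen filename: random token plus the allowlisted extension.
    The client's name never reaches the filesystem; store outside the web root."""
    if ext not in ALLOWED_TYPES:
        raise ValueError("extension not allowlisted")
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample uploads (not real dashboard traffic).
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    webshell = b'<%@ Page Language="C#" %><% /* constructed stub */ %>'
    samples = [("webshell.aspx", webshell), ("shell.aspx.png", png),
               ("report.png", webshell), ("../../wwwroot/x.png", png),
               ("report.png", png), ("devices.csv", b"serial,status\nAED-1,ready\n")]
    for name, body in samples:
        print(f"{name:24} weak={weak_accepts(name)!s:5} hardened={hardened_check(name, body)}")
```

The hardened path fails closed on the first control that does not hold, names the file itself, and assumes the destination is outside the web root so that even a file that slipped through could not be fetched back as a script. Re-encoding images and malware scanning are further layers not shown here.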
Prerequisites
  • Network access to the Defibrillator Dashboard web interface
  • Valid user credentials (dashboard login account)
  • Knowledge of at least one of the vulnerability classes involved (file upload, credential storage, or input validation)
Tags: remotely exploitable · requires valid credentials · no patch available for legacy versions · affects safety-critical health device monitoring · affects device audit trails and alerting
Exploitability
Low exploit probability (EPSS 0.5%)
Affected products (1)
Product | Affected Versions | Fix Status
Defibrillator Dashboard (all) | < 2.2 | 2.2 or later
Remediation & Mitigation
Do now
WORKAROUND: Disable the browser password autocomplete (saved passwords) function on all machines used to access the Defibrillator Dashboard, since a valid dashboard login is the attacker's entry point.
Schedule — requires maintenance window

Upgrading may require a reboot of the host running the Dashboard, which interrupts centralized AED monitoring; plan the window accordingly.

HOTFIX: Upgrade Defibrillator Dashboard to version 2.2 or later
HARDENING: Perform frequent local checks on defibrillator devices to confirm readiness, and verify device data against dashboard records for discrepancies
Long-term hardening
HARDENING: Restrict network access to the Defibrillator Dashboard to authorized personnel only, using firewall rules or a VPN