Hillrom Welch Allyn Cardio Products
Status: Plan Patch | Score: 8.1 | Advisory: ICS-CERT ICSMA-21-343-01 | Published: Dec 9, 2021
Attack Vector: Network
Auth Required: None
Complexity: High
User Interaction: None needed
Summary
Improper authentication handling in the Single Sign-On (SSO) feature of Welch Allyn cardiac diagnostic systems (Connex Cardio, Q-Stress, X-Scribe, R-Scribe, H-Scribe, Diagnostic Cardiology Suite, Vision Express) allows an attacker with network access to bypass authentication and gain privileged account access. No public exploits exist, and exploitation requires high attack complexity. The vendor has not released patches; the interim workaround is to disable the SSO feature.
What this means
What could happen
An attacker with network access could gain privileged account access to Welch Allyn cardiac diagnostic systems, potentially allowing them to modify patient data, alter test results, or disrupt cardiac monitoring and testing operations.
Who's at risk
Healthcare facilities using Welch Allyn cardiac diagnostic equipment should prioritize this: Connex Cardio, Q-Stress, X-Scribe, R-Scribe, H-Scribe, Diagnostic Cardiology Suite, and Vision Express systems. These devices support patient cardiac testing, stress testing, and ECG analysis. Impact affects clinical staff and patient care quality.
How it could be exploited
An attacker on the network sends a specially crafted request to exploit improper authentication in the Single Sign-On (SSO) feature. This allows the attacker to gain elevated privileges without valid credentials, potentially accessing administrative functions or patient records on the affected cardiac system.
Prerequisites
- Network access to the affected Welch Allyn device
- Device has SSO feature enabled in Modality Manager Configuration
- Device is running a vulnerable version (see the affected products table below)
Tags: remotely exploitable; high attack complexity makes exploitation difficult; no patch currently available; affects safety/clinical systems
Exploitability
Low exploit probability (EPSS 0.2%)
Affected products (7)
All 7 products are end of life (EOL).
Product | Affected Versions | Fix Status
Welch Allyn Q-Stress Cardiac Stress Testing System | ≥ 6.0.0 and ≤ 6.3.1 | No fix (EOL)
Welch Allyn X-Scribe Cardiac Stress Testing System | ≥ 5.01 and ≤ 6.3.1 | No fix (EOL)
Welch Allyn R-Scribe Resting ECG System | ≥ 5.01 and ≤ 7.0.0 | No fix (EOL)
Welch Allyn H-Scribe Holter Analysis System | ≥ 5.01 and ≤ 6.4.0 | No fix (EOL)
Welch Allyn Diagnostic Cardiology Suite | 2.1.0 | No fix (EOL)
Welch Allyn Vision Express | ≥ 6.1.0 and ≤ 6.4.0 | No fix (EOL)
Welch Allyn Connex Cardio | ≥ 1.0.0 and ≤ 1.1.1 | No fix (EOL)
Remediation & Mitigation
Do now
WORKAROUND: Disable the SSO feature in the Modality Manager Configuration settings immediately
HARDENING: Enable authentication for all server access to these systems
Schedule — requires maintenance window
Patching may require a device reboot; plan for process interruption
HARDENING: Deploy firewall rules to restrict network access to these systems to only authorized clinical workstations and engineering networks
HOTFIX: Upgrade to patched software versions when Hillrom releases updates
Mitigations - no patch available
The following products have reached End of Life with no planned fix: Welch Allyn Q-Stress Cardiac Stress Testing System, Welch Allyn X-Scribe Cardiac Stress Testing System, Welch Allyn R-Scribe Resting ECG System, Welch Allyn H-Scribe Holter Analysis System, Welch Allyn Diagnostic Cardiology Suite, Welch Allyn Vision Express, Welch Allyn Connex Cardio. Apply the following compensating controls:
HARDENING: Implement network segmentation: isolate cardiac diagnostic systems from the business network and the Internet
CVEs (1)
API:
/api/v1/advisories/a9ba401f-78aa-4caa-9daf-a4d3b0c621a2