Hillrom reported the vulnerability to CISA, according to the Dec. 10 report. The flaw can lead to improper authentication in certain cardiology products when they are configured to use single sign-on.
“This vulnerability allows the application to accept manual entry of any Active Directory account provisioned in the application without supplying a password, resulting in access to the application as the supplied AD account, with all associated privileges,” CISA said.
The vulnerability affects various Hillrom cardiology products when configured to use single sign-on. These products include:
- Welch Allyn Q-Stress Cardiac Stress Testing System: Versions 6.0.0 through 6.3.1
- Welch Allyn X-Scribe Cardiac Stress Testing System: Versions 5.01 through 6.3.1
- Welch Allyn Diagnostic Cardiology Suite: Version 2.1.0
- Welch Allyn Vision Express: Versions 6.1.0 through 6.4.0
- Welch Allyn H-Scribe Holter Analysis System: Versions 5.01 through 6.4.0
- Welch Allyn R-Scribe Resting ECG System: Versions 5.01 through 7.0.0
- Welch Allyn Connex Cardio: Versions 1.0.0 through 1.1.1
Hillrom said it plans to fix the vulnerability in its next software release. In the meantime, it recommends that users upgrade to the latest product versions when they become available and disable the single sign-on feature to reduce risk.
Baxter finalized its $10.5 billion acquisition of Hillrom on Dec. 13.